-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Miri tests failing #135
Comments
I don't think this has anything to do with commit 3a6bc02 and it is probably a The code which triggers the error unsafe { &*self.to_bitslice_ptr() }
Examples in playground showing the above described behaviour: |
It was pointed out in the referenced miri issue by RalfJung that it might not actually be sound to dereference a pointer to a ZST when the pointer points into a previous deallocated allocation. See rust-lang/unsafe-code-guidelines#93. The issue is that |
I apologize for my radio silence; it's been a wild fall for me and I've been basically heads-down in pushing for 1.0 and haven't looked at my GitHub notifs at all. This has been occurring for me also, essentially exactly as you all have described. I've been trying to figure out a way to bypass it that maintains all the necessary invariants, but because it is a transient bug, I haven't been able to really have much success with it. The main problem appears to be a tension between behavior I have been explicitly asked to maintain for compatibility with What stumps me is that the references Miri believes are faulty appear as I don't really know if there's anything I can particularly do to convince Miri that I'm not dereferencing deällocated memory. I haven't seen this fault in a while, but I also haven't changed any of the faulting codepaths since before it went away, so I'm very conscious that there's nothing I did to resolve it. I think this is something we're basically going to have to live with. I'd like to have more communication with the Miri team about not investigating provenance on |
(Coming here from rust-lang/miri#1866 (comment).)
I'm happy to figure out what is needed here. :) I will note though that the problem reported against Miri above is caused by Also, while I would love to put further exemptions on provenance for zero-sized things, sadly I could not not get confirmation from LLVM that they are okay with this. (Specifically, I asked if |
Specifically, as @tavianator noted here, avoiding the usize-to-ptr cast in this line fixes at least some provenance problems. That cast can be avoided using a function like this: // Converts 'addr' to a pointer using the provenance of 'prov'.
fn int_to_ptr_with_provenance<T>(addr: usize, prov: *const T) -> *const T {
// Nowhere in this function do we cast an integer to a pointer!
let ptr = prov.cast::<u8>();
ptr.wrapping_add(addr.wrapping_sub(ptr as usize)).cast()
} This function makes it explicit which provenance the new pointer should have (in the bitvec code linked above, that would be the provenance of On the other hand I have no idea if the compiler will be able to entirely optimize away something like |
I have been habitually taking an adversarial view of Miri's understanding, largely because I don't understand it, and am always happy to be told to change my tune :) I also always appreciate free code to do a better job. To be sure I understand it, this function takes a computed new address
When I plug example::make_bitspan_u32:
mov rax, rdi
shl rsi, 5
movzx ecx, dl
sub rsi, rcx
and edx, 3
lea rdx, [rdx + 8*rsi]
ret I have long ago stopped pretending that I need to care about LLVM's desires, because lots of people smarter and more dedicated than me have already done this. A truly frightening amount of the crate gets solved at compile time and I have given up entirely on trying to benchmark it or otherwise be conscious about performance, because despite my best efforts I just cannot stop getting reports of 0ns/iteration. If I weren't directly and freely benefiting from other people's labor I'd almost be annoyed. |
Yes, that sounds right. Ideally LLVM would have a primitive operation to do this, but for now this is the best way we have to express this operation. |
Fix the miri failures in doctests, see issue ferrilab#135. The issue is that miri doesn't guess correct provenance in the int-to-ptr cast in `BitSpan::new_unchecked`, as was found by @tavianator [here](rust-lang/miri#1866 (comment)). The solution is to preserve provenance and was proposed by @tavianator [here](rust-lang/miri#1866 (comment)). With this change the entire test suite passes under miri.
Removing my patch solution (the load-bearing debug-assert) passes Miri with Ralf's |
I'm locking this because I'm about to tell people about it on reddit |
I noticed the following recently in miri tests in deku: https://github.com/sharksforarms/deku/runs/3231975319?check_suite_focus=true#step:4:301
I was able to bisect it down to 3a6bc02 in bitvec using
cargo +nightly miri test 2>&1 | grep "test array::tests::ops ... ok"
What's weird is that running the singular test works fine, and
-- --test-threads=1
passes too, but running all tests throws an error.The text was updated successfully, but these errors were encountered: