Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow running MIRI #100

Open
JarvisCraft opened this issue Aug 27, 2023 · 2 comments
Open

Allow running MIRI #100

JarvisCraft opened this issue Aug 27, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@JarvisCraft
Copy link
Contributor

JarvisCraft commented Aug 27, 2023
edited
Loading

Introduction

While some Flipper abstractions are easy to port to Rust, some have complicated lifecycles and are tricky to be wrapped in safe abstractions. Current work done in #29 is an illustration of this point.

The most common problems appearing are

Aliasing

Arguably, the most complicated and still volatile part of Unsafe Rust especially painful when ahving to work with APIs which originally provide shared access (first of all, callbacks).

This is also especially tricky artound Box-based allocations for which there are uniquness guarantees at some point.

Concurrency & mmulti-threading

When and where do we have to insert synchronizations for soundness?

This is specifically important for callback-based APIs.

Extern type trickery

See rust-lang/rfcs#1861 for what we may need ideally.

We may want to create formally unsized wrapper-types of form

#[repr(transparent)]
struct Foo {
    // this should be an extern (thus unsized) type
    // making this wrapper unsized
    raw: sys::Foo,
}

which would only be usable via pointers (and their derivatives, i.e. references) safely transmutable to/from raw pointers.

In order to facilitate the creation of such abstractions, more tools could be used.

Description

We should try allowing the usage of MIRI in the way similar to how the tests are run currently.

This would give us a chance to catch some errors inm wrapper implementations.
@JarvisCraft JarvisCraft added the enhancement New feature or request label Aug 27, 2023
@str4d
Copy link
Contributor

str4d commented Dec 20, 2023

We're going to have a very hard time of this, because Miri doesn't yet support arbitrary FFI calls. I've locally made changes that enable MIRI_NO_STD=1 cargo miri test --target thumbv7em-none-eabihf to at least run into this issue:

error: unsupported operation: can't call foreign function `furi_record_open` on OS `none`
   --> /path/to/flipperzero/crates/sys/src/furi.rs:112:19
    |
112 |             data: crate::furi_record_open(name) as *mut T,
    |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ can't call foreign function `furi_record_open` on OS `none`
    |
    = help: this is likely not a bug in the program; it indicates that the program performed an operation that the interpreter does not support

but given the sheer quantity of FFI calls we have, I don't think we can reasonably expect to mock them all out for Miri.

str4d added a commit that referenced this issue Dec 20, 2023
@str4d
flipperzero: Enable Miri to start running the tests
88ad0d7 
It doesn't *successfully* run the tests because Miri doesn't yet support
FFI, but these changes enable the following command to actually start:

    MIRI_NO_STD=1 cargo miri test --target thumbv7em-none-eabihf

Part of #100.
@str4d str4d mentioned this issue Dec 20, 2023
Merged
@str4d
Copy link
Contributor

str4d commented Dec 20, 2023

Aha, I missed the -Zmiri-extern-so-file=<path to a shared object file> experimental flag. So Miri does support at least simple FFI calls that only have integer (or void) args and return. That won't help for the majority of the FFI calls in the Flipper Zero SDK though, which operate on pointers.

str4d added a commit that referenced this issue Dec 26, 2023
@str4d
flipperzero: Enable Miri to start running the tests
22ee3a3 
It doesn't *successfully* run the tests because Miri doesn't yet support
FFI, but these changes enable the following command to actually start:

    MIRI_NO_STD=1 cargo miri test --target thumbv7em-none-eabihf

Part of #100.
str4d added a commit that referenced this issue Dec 27, 2023
@str4d
flipperzero: Enable Miri to start running the tests
033173a 
It doesn't *successfully* run the tests because Miri doesn't yet support
FFI, but these changes enable the following command to actually start:

    MIRI_NO_STD=1 cargo miri test --target thumbv7em-none-eabihf

Part of #100.
str4d added a commit that referenced this issue Dec 27, 2023
@str4d
flipperzero: Enable Miri to start running the tests
94a1035 
It doesn't *successfully* run the tests because Miri doesn't yet support
FFI, but these changes enable the following command to actually start:

    MIRI_NO_STD=1 cargo miri test --target thumbv7em-none-eabihf

Part of #100.
str4d added a commit that referenced this issue Apr 18, 2024
@str4d
flipperzero: Enable Miri to start running the tests
8c7c40e 
It doesn't *successfully* run the tests because Miri doesn't yet support
FFI, but these changes enable the following command to actually start:

    MIRI_NO_STD=1 cargo miri test --target thumbv7em-none-eabihf

Part of #100.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@str4d @JarvisCraft