Auto merge of #863 - RalfJung:deref-checks, r=RalfJung

adjust tests for eager pointer checks on deref

The Miri side of rust-lang/rust#63075.

Fixes #447.

rust-version

@@ -1 +1 @@
-00ee1b47f42129a0a6e33510578fbcf07c1e5382
+1cdcea920e56a5d0587307a4c9cf8fff5c77c4bc

src/operator.rs

@@ -35,7 +35,7 @@ impl<'mir, 'tcx> EvalContextExt<'tcx> for super::MiriEvalContext<'mir, 'tcx> {
  #[inline]
  fn pointer_inbounds(&self, ptr: Pointer<Tag>) -> InterpResult<'tcx> {
  let (size, _align) = self.memory().get_size_and_align(ptr.alloc_id, AllocCheck::Live)?;
- ptr.check_in_alloc(size, CheckInAllocMsg::InboundsTest)
+ ptr.check_inbounds_alloc(size, CheckInAllocMsg::InboundsTest)
  }
 
  fn binary_ptr_op(

tests/compile-fail/deref-invalid-ptr.rs

@@ -0,0 +1,7 @@
+// This should fail even without validation.
+// compile-flags: -Zmiri-disable-validation
+
+fn main() {
+ let x = 2usize as *const u32;
+ let _y = unsafe { &*x as *const u32 }; //~ ERROR dangling pointer was dereferenced
+}

tests/compile-fail/deref-partially-dangling.rs

@@ -0,0 +1,8 @@
+// Deref a raw ptr to access a field of a large struct, where the field
+// is allocated but not the entire struct is.
+fn main() {
+ let x = (1, 13);
+ let xptr = &x as *const _ as *const (i32, i32, i32);
+ let val = unsafe { (*xptr).1 }; //~ ERROR pointer must be in-bounds at offset 12, but is outside bounds of allocation
+ assert_eq!(val, 13);
+}

tests/compile-fail/intptrcast_alignment_check.rs

@@ -1,18 +1,12 @@
-// Validation makes this fail in the wrong place
-// compile-flags: -Zmiri-disable-validation
-
 // Even with intptrcast and without validation, we want to be *sure* to catch bugs
 // that arise from pointers being insufficiently aligned. The only way to achieve
 // that is not not let programs exploit integer information for alignment, so here
 // we test that this is indeed the case.
 fn main() {
  let x = &mut [0u8; 3];
  let base_addr = x as *mut _ as usize;
- let u16_ref = unsafe { if base_addr % 2 == 0 {
- &mut *(base_addr as *mut u16)
- } else {
- &mut *((base_addr+1) as *mut u16)
- } };
- *u16_ref = 2; //~ ERROR tried to access memory with alignment 1, but alignment 2 is required
+ let base_addr_aligned = if base_addr % 2 == 0 { base_addr } else { base_addr+1 };
+ let u16_ptr = base_addr_aligned as *mut u16;
+ unsafe { *u16_ptr = 2; } //~ ERROR tried to access memory with alignment 1, but alignment 2 is required
  println!("{:?}", x);
 }

tests/compile-fail/storage_dead_dangling.rs

@@ -8,8 +8,7 @@ fn fill(v: &mut i32) {
 }
 
 fn evil() {
- let v = unsafe { &mut *(LEAK as *mut i32) };
- let _x = *v; //~ ERROR dangling pointer was dereferenced
+ unsafe { &mut *(LEAK as *mut i32) }; //~ ERROR dangling pointer was dereferenced
 }
 
 fn main() {

tests/run-pass/stacked-borrows/stacked-borrows.rs

@@ -1,6 +1,5 @@
 // Test various stacked-borrows-related things.
 fn main() {
- deref_partially_dangling_raw();
  read_does_not_invalidate1();
  read_does_not_invalidate2();
  ref_raw_int_raw();
@@ -14,16 +13,6 @@ fn main() {
  shr_and_raw();
 }
 
-// Deref a raw ptr to access a field of a large struct, where the field
-// is allocated but not the entire struct is.
-// For now, we want to allow this.
-fn deref_partially_dangling_raw() {
- let x = (1, 13);
- let xptr = &x as *const _ as *const (i32, i32, i32);
- let val = unsafe { (*xptr).1 };
- assert_eq!(val, 13);
-}
-
 // Make sure that reading from an `&mut` does, like reborrowing to `&`,
 // NOT invalidate other reborrows.
 fn read_does_not_invalidate1() {