Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ICE when reading bytes from an enum storing a pointer #1910

Closed
nipzu opened this issue Nov 8, 2021 · 1 comment · Fixed by rust-lang/rust#90892
Closed

ICE when reading bytes from an enum storing a pointer #1910

nipzu opened this issue Nov 8, 2021 · 1 comment · Fixed by rust-lang/rust#90892

Comments

@nipzu
Copy link

nipzu commented Nov 8, 2021

Code

Running the following with cargo miri run crashes.

fn main() {
    let foo = Some(&42 as *const i32);

    unsafe {
        core::ptr::read((&foo as *const _ as *const u8).add(12));
    }
}

Meta

rustc --version --verbose:

rustc 1.58.0-nightly (46b8e7488 2021-11-07)
binary: rustc
commit-hash: 46b8e7488eae116722196e8390c1bd2ea2e396cf
commit-date: 2021-11-07
host: x86_64-unknown-linux-gnu
release: 1.58.0-nightly
LLVM version: 13.0.0

cargo miri --version --verbose:

miri 0.1.0 (9c18177 2021-10-26)

Error output

thread 'rustc' panicked at 'Size::sub: 8 - 12 would result in negative size', /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/compiler/rustc_target/src/abi/mod.rs:430:13
Backtrace 

stack backtrace:
   0:     0x7f0363400c6c - std::backtrace_rs::backtrace::libunwind::trace::h793e05efd273d0f4
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
   1:     0x7f0363400c6c - std::backtrace_rs::backtrace::trace_unsynchronized::h640b7b86ff610c77
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x7f0363400c6c - std::sys_common::backtrace::_print_fmt::h362fa2a4f354f877
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x7f0363400c6c - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hf439e5ed84c74abd
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x7f036345deac - core::fmt::write::h72801a82c94e6ff1
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/core/src/fmt/mod.rs:1149:17
   5:     0x7f03633f1495 - std::io::Write::write_fmt::h5562a8b6da0f0339
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/io/mod.rs:1697:15
   6:     0x7f0363403ec0 - std::sys_common::backtrace::_print::hb29ddd998d02631c
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x7f0363403ec0 - std::sys_common::backtrace::print::h81965e3d7c90fbb6
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/sys_common/backtrace.rs:36:9
   8:     0x7f0363403ec0 - std::panicking::default_hook::{{closure}}::h84db205ab6674b38
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/panicking.rs:211:50
   9:     0x7f0363403a6b - std::panicking::default_hook::h1bf8bb4159936bca
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/panicking.rs:228:9
  10:     0x7f0363b98d31 - rustc_driver[e620c7401644acc4]::DEFAULT_HOOK::{closure#0}::{closure#0}
  11:     0x7f03634046d9 - std::panicking::rust_panic_with_hook::hf8e86850fbbd03b1
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/panicking.rs:610:17
  12:     0x7f0363404190 - std::panicking::begin_panic_handler::{{closure}}::h590a0d6060ff866e
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/panicking.rs:502:13
  13:     0x7f0363401124 - std::sys_common::backtrace::__rust_end_short_backtrace::h260b8bd1c848a03c
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/sys_common/backtrace.rs:139:18
  14:     0x7f03634040f9 - rust_begin_unwind
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/panicking.rs:498:5
  15:     0x7f03633c91f1 - core::panicking::panic_fmt::h7b8580d81fcbbacd
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/core/src/panicking.rs:106:14
  16:     0x55e2f5d007d7 - <core[cc79c391059f8e46]::iter::adapters::map::Map<core[cc79c391059f8e46]::slice::iter::Iter<(rustc_target[819931b88a693851]::abi::Size, miri[8516525dcafbc859]::machine::Tag)>, <rustc_middle[93690e4789d7fe1d]::mir::interpret::allocation::Allocation<miri[8516525dcafbc859]::machine::Tag, miri[8516525dcafbc859]::machine::AllocExtra>>::prepare_relocation_copy<rustc_const_eval[330bf889a0b98a9d]::interpret::memory::Memory<miri[8516525dcafbc859]::machine::Evaluator>>::{closure#0}> as core[cc79c391059f8e46]::iter::traits::iterator::Iterator>::fold::<(), core[cc79c391059f8e46]::iter::traits::iterator::Iterator::for_each::call<(rustc_target[819931b88a693851]::abi::Size, miri[8516525dcafbc859]::machine::Tag), <alloc[9a4bc13598ff604f]::vec::Vec<(rustc_target[819931b88a693851]::abi::Size, miri[8516525dcafbc859]::machine::Tag)> as alloc[9a4bc13598ff604f]::vec::spec_extend::SpecExtend<(rustc_target[819931b88a693851]::abi::Size, miri[8516525dcafbc859]::machine::Tag), core[cc79c391059f8e46]::iter::adapters::map::Map<core[cc79c391059f8e46]::slice::iter::Iter<(rustc_target[819931b88a693851]::abi::Size, miri[8516525dcafbc859]::machine::Tag)>, <rustc_middle[93690e4789d7fe1d]::mir::interpret::allocation::Allocation<miri[8516525dcafbc859]::machine::Tag, miri[8516525dcafbc859]::machine::AllocExtra>>::prepare_relocation_copy<rustc_const_eval[330bf889a0b98a9d]::interpret::memory::Memory<miri[8516525dcafbc859]::machine::Evaluator>>::{closure#0}>>>::spec_extend::{closure#0}>::{closure#0}>
  17:     0x55e2f5cfa7d5 - <rustc_middle[93690e4789d7fe1d]::mir::interpret::allocation::Allocation<miri[8516525dcafbc859]::machine::Tag, miri[8516525dcafbc859]::machine::AllocExtra>>::prepare_relocation_copy::<rustc_const_eval[330bf889a0b98a9d]::interpret::memory::Memory<miri[8516525dcafbc859]::machine::Evaluator>>
  18:     0x55e2f5d19c6e - <rustc_const_eval[330bf889a0b98a9d]::interpret::memory::Memory<miri[8516525dcafbc859]::machine::Evaluator>>::copy_repeatedly
  19:     0x55e2f5d2f610 - <rustc_const_eval[330bf889a0b98a9d]::interpret::eval_context::InterpCx<miri[8516525dcafbc859]::machine::Evaluator>>::copy_intrinsic
  20:     0x55e2f5d3f46c - <rustc_const_eval[330bf889a0b98a9d]::interpret::eval_context::InterpCx<miri[8516525dcafbc859]::machine::Evaluator>>::statement
  21:     0x55e2f5cf2f94 - miri[8516525dcafbc859]::eval::eval_entry
  22:     0x55e2f5c64cec - <rustc_interface[f89f8228a4e35bc7]::passes::QueryContext>::enter::<<miri[7f529140cf3824ff]::MiriCompilerCalls as rustc_driver[e620c7401644acc4]::Callbacks>::after_analysis::{closure#0}, ()>
  23:     0x55e2f5c68d53 - <miri[7f529140cf3824ff]::MiriCompilerCalls as rustc_driver[e620c7401644acc4]::Callbacks>::after_analysis
  24:     0x7f0365a11041 - <rustc_interface[f89f8228a4e35bc7]::interface::Compiler>::enter::<rustc_driver[e620c7401644acc4]::run_compiler::{closure#1}::{closure#2}, core[cc79c391059f8e46]::result::Result<core[cc79c391059f8e46]::option::Option<rustc_interface[f89f8228a4e35bc7]::queries::Linker>, rustc_errors[c8a333c965fedc03]::ErrorReported>>
  25:     0x7f0365a0146f - rustc_span[2d5555579096f1fe]::with_source_map::<core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>, rustc_interface[f89f8228a4e35bc7]::interface::create_compiler_and_run<core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>, rustc_driver[e620c7401644acc4]::run_compiler::{closure#1}>::{closure#0}>
  26:     0x7f0365a11f50 - <scoped_tls[3fea4c3dcac147b1]::ScopedKey<rustc_span[2d5555579096f1fe]::SessionGlobals>>::set::<rustc_interface[f89f8228a4e35bc7]::util::setup_callbacks_and_run_in_thread_pool_with_globals<rustc_interface[f89f8228a4e35bc7]::interface::run_compiler<core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>, rustc_driver[e620c7401644acc4]::run_compiler::{closure#1}>::{closure#0}, core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>>::{closure#0}::{closure#0}, core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>>
  27:     0x7f0365a03ec5 - std[a5529df289459975]::sys_common::backtrace::__rust_begin_short_backtrace::<rustc_interface[f89f8228a4e35bc7]::util::setup_callbacks_and_run_in_thread_pool_with_globals<rustc_interface[f89f8228a4e35bc7]::interface::run_compiler<core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>, rustc_driver[e620c7401644acc4]::run_compiler::{closure#1}>::{closure#0}, core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>>::{closure#0}, core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>>
  28:     0x7f0365a00032 - <<std[a5529df289459975]::thread::Builder>::spawn_unchecked<rustc_interface[f89f8228a4e35bc7]::util::setup_callbacks_and_run_in_thread_pool_with_globals<rustc_interface[f89f8228a4e35bc7]::interface::run_compiler<core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>, rustc_driver[e620c7401644acc4]::run_compiler::{closure#1}>::{closure#0}, core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>>::{closure#0}, core[cc79c391059f8e46]::result::Result<(), rustc_errors[c8a333c965fedc03]::ErrorReported>>::{closure#1} as core[cc79c391059f8e46]::ops::function::FnOnce<()>>::call_once::{shim:vtable#0}
  29:     0x7f036340f9c3 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::h771719d52c343434
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/alloc/src/boxed.rs:1691:9
  30:     0x7f036340f9c3 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::hf441746dfa4b0f57
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/alloc/src/boxed.rs:1691:9
  31:     0x7f036340f9c3 - std::sys::unix::thread::Thread::new::thread_start::hfd168f9d312b29ca
                               at /rustc/46b8e7488eae116722196e8390c1bd2ea2e396cf/library/std/src/sys/unix/thread.rs:106:17
  32:     0x7f036330e259 - start_thread
  33:     0x7f03630f15e3 - __GI___clone
  34:                0x0 - <unknown>

error: internal compiler error: unexpected panic

note: the compiler unexpectedly panicked. this is a bug.

note: we would appreciate a bug report: https://github.com/rust-lang/rust/issues/new?labels=C-bug%2C+I-ICE%2C+T-compiler&template=ice.md

note: rustc 1.58.0-nightly (46b8e7488 2021-11-07) running on x86_64-unknown-linux-gnu

note: compiler flags: -C embed-bitcode=no -C debuginfo=2 -C incremental --crate-type bin

note: some of the compiler flags provided by cargo are hidden

query stack during panic:
end of query stack

@RalfJung
Copy link
Member

Ah, this is a bug I introduced when I reordered some code in Miri's copy implementation... we now do prepare_relocation_copy before we ensure that there are no relocations on the edges of the copy range.

Here's a reproducer not relying on Miri:

#![feature(const_ptr_read)]
#![feature(const_ptr_offset)]

const C: () = unsafe {
    let foo = Some(&42 as *const i32);
    (&foo as *const _ as *const u8).add(12).read();
};

fn main() {
}

@RalfJung RalfJung mentioned this issue Nov 14, 2021
Merged
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Nov 14, 2021
@matthiaskrgr
Rollup merge of rust-lang#90892 - RalfJung:miri-partial-ptr-copy, r=o…
cf1f1a2 
…li-obk

fix ICE on Miri/CTFE copy of half a pointer

Fixes rust-lang/miri#1910
r? `@oli-obk`
workingjubilee added a commit to workingjubilee/rustc that referenced this issue Nov 15, 2021
@workingjubilee
Rollup merge of rust-lang#90892 - RalfJung:miri-partial-ptr-copy, r=o…
3143581 
…li-obk

fix ICE on Miri/CTFE copy of half a pointer

Fixes rust-lang/miri#1910
r? ``@oli-obk``
workingjubilee added a commit to workingjubilee/rustc that referenced this issue Nov 15, 2021
@workingjubilee
Rollup merge of rust-lang#90892 - RalfJung:miri-partial-ptr-copy, r=o…
222ea41 
…li-obk

fix ICE on Miri/CTFE copy of half a pointer

Fixes rust-lang/miri#1910
r? ```@oli-obk```
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Nov 15, 2021
@matthiaskrgr
Rollup merge of rust-lang#90892 - RalfJung:miri-partial-ptr-copy, r=o…
a4d4a7f 
…li-obk

fix ICE on Miri/CTFE copy of half a pointer

Fixes rust-lang/miri#1910
r? ````@oli-obk````
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix ICE on Miri/CTFE copy of half a pointer RalfJung/rust
2 participants
@RalfJung @nipzu