-
Notifications
You must be signed in to change notification settings - Fork 349
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What does -Zmiri-disable-validation mean for pointers from transmutes (now?) #2163
Comments
The problem is that the term "valid" is awfully overloaded.^^ "disable-validation" specifically refers to checking the "validity invariant", which says things like "2 is not a valid Your example program violates a different UB clause, namely the one which says "Evaluating a dereference expression (*expr) on a raw pointer that is dangling or unaligned". The flag does not affect checking that UB clause. And indeed, the reason this pointer is dangling is that pointers created via |
When an access is invalid, Miri doesn't have a clue whether a different provenance could have made the access valid -- and at least in general, that is quite hard to detect as well. All it can say is "this address with this provenance doesn't work". Maybe it should print the pointer as |
I think it would be a nice improvement to note these two kinds of validity in the docs and always print pointers with their provenance. Though I'm not yet sold on that syntax and at this point we definitely need a glossary. But I also think the English part of this could do with a bit of adjustment. To my brain at least, the pointer itself is perfectly valid, but all dereferences of it are invalid. Or just this dereference is invalid. So it would be nice to see the error distinguish between the validity of the pointer itself and the dereference of it. |
So are you suggesting we rename |
I think that name could be better. The point of that function is to create a But I don't think we need to rename that function to improve things here. An error that says "0x1234[noalloc] is invalid for read/write/offset because it has no provenance" would be a nice reuse of the wording in the docs for Then for pointers that have a provenance we could say "0x1234[alloc567] is invalid for read/write/offset because its address is outside its provenance" or something like that. |
adjust dangling-int-ptr error message based on suggestions by `@saethlin` in rust-lang/miri#2163 Fixes rust-lang/miri#2163 I also did a bit of refactoring on this, so we have a helper method to create a `Pointer` with `None` provenance.
adjust dangling-int-ptr error message based on suggestions by ``@saethlin`` in rust-lang/miri#2163 Fixes rust-lang/miri#2163 I also did a bit of refactoring on this, so we have a helper method to create a `Pointer` with `None` provenance.
The README says
Which to me suggests that I shouldn't see errors about how "0xsomething is not a valid pointer", but I do. This program:
produces this error, with
-Zmiri-disable-stacked-borrows -Zmiri-disable-validation
:So for me the problem here is that
val
I see the same error. It should be possible to distinguish between "that's an invalid pointer" and "there's no memory at that address". When I as a somewhat expert Miri user see that error I immediately guess that there is a transmute happening, but when I shared that error message with people some assumed it was a wild pointer access. Perhaps the problem is that the validity issue here has to do with provenance not the address, but Miri prints the address in the diagnostic, absent the lack of provenance which is what makes this invalid.The text was updated successfully, but these errors were encountered: