don't report memory leaks for static data #940
Comments
|
Oh, heh. I never thought about heap pointers being leaked into statics. Also calls to Maybe we should, before running the check, recursively mark anything reachable by a static as static itself. And we should add a hook to |
RalfJung
added
A-interpreter
|
We probably also should make the leak check optional. A quick solution would be
Why that? I think our leak check should trigger for |
I assumed that I'm assuming My statement came from assuming that people don't use Nixing the entire leak check, just because some code found it ok to leak a single value out of lazy static like reasons, seems a bit extreme. |
No they are not (the former disallows accesses through other aliases).
I see. It would seem odd though, I think, to enshrine this in the operational semantics.
We could also have a magic crazy intrinsic "tell Miri this here is allowed to leak"... I think I will regret suggesting this, though. ;) |
|
I just ran into another instance of this. The following program is considered leaking: fn main() {
let _val = 0;
// Capture something to make closure a non-ZST
std::panic::set_hook(Box::new(move |_info| { _val; }));
} |
These are probably spurious; see crossbeam-rs/crossbeam#464 and spacejam/sled#937 (comment) And besides, we're now running both the leak sanitizer and the address sanitizer.
|
On Windows, we need this even to get an empty |
Now that rust-lang/miri#940 has been fixed, and has landed in nightly (rust-lang/rust#70897), we should be able to run miri with leak check enabled again!
99: miri: enable leakcheck r=matklad a=RalfJung rust-lang/miri#940 is fixed, so we should be able to enable the leak checker now. :) (However, we'll have to wait until rust-lang/rust#70897 lands so that this is available via rustup.) Co-authored-by: Ralf Jung <post@ralfj.de>
|
Hmm, I still get a reported leak through |
|
Ah, quite possible! I think |
|
They might also be using |
|
I suspect the offender here might be I suspect it was stored as a Is that also legal for
|
It is only legal for raw pointers -- references must be aligned, so their last bits must be 0. |
|
Sorry, yes, I meant the "also" in comparison to |
|
Ah, yes raw pointers may be NULL, dangling and unaligned, that is fine, as long as they do not get dereferenced ( |
|
Digging some more into this, it's actually tricky to make |
|
Yeah, that sounds tricky indeed. Hm. |
|
Especially since it seems these were once supported, and then removed: rust-lang/rust#10154 |
Pointers stored as `usize` tend to cause miri to lose pointer provenance tracking, which means we can't take advantage of its checking! See also the discussion at rust-lang/miri#940 (comment). This does not yet compile since `AtomicPtr` does not have `fetch_*` methods. They were added and then removed from the standard library back in the day (rust-lang/rust#10154), but I think the reason they were removed has now been remedied, so they will hopefully come back again!
|
Honestly I am not sure any of this will suffice. XOR is fundamentally an integer operation that loses provenance, and while we could re-introduce awful hacks in Miri that enable provenance tracking over XOR, I do not think that is a good idea. |
|
See |
|
crossbeam only specifically does xor of the alignment bits though, not of the "real" part of the pointer. Though I recognize that that might not really help 😅 It would be really sad if miri simply could not support checking |
Yeah, I agree that would be sad. |
|
To avoid continuing this discussion in a closed issue, I opened #1318. |
Now that rust-lang/miri#940 has been fixed, and has landed in nightly (rust-lang/rust#70897), we should be able to run miri with leak check enabled again!
Currently, miri reports a memory leak for a
staticwith heap allocated data. This is somewhat expected, as statics don't run destructors and indeed leak memory. However, this is not error, and ideally shouldn't be reported by miri as such.See matklad/once_cell@327f4e2 for an example.
The text was updated successfully, but these errors were encountered: