Skip to content

EarlyOtherwiseBranch can insert storage markers incorrectly, creating use of a dead local #141212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
saethlin opened this issue May 18, 2025 · 0 comments · May be fixed by #141485
Open

EarlyOtherwiseBranch can insert storage markers incorrectly, creating use of a dead local #141212

saethlin opened this issue May 18, 2025 · 0 comments · May be fixed by #141485
Assignees
@dianqk
Labels
A-mir-opt Area: MIR optimizations A-rustlantis A miscompilation found by Rustlantis C-bug Category: This is a bug. I-miscompile Issue: Correct Rust code lowers to incorrect machine code I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-medium Medium priority T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@saethlin
Copy link
Member

Reduced example from rustlantis, which is accepted by Miri using Tree Borrows without optimizations enabled:

#![feature(custom_mir, core_intrinsics)]
#![allow(internal_features)]

use std::intrinsics::mir::*;

#[custom_mir(dialect = "runtime")]
fn main() {
    mir!{
        let _1;
        let _2;
        let _3;
        {
            _1 = 19;
            Goto(bb1)
        }
        bb1 = {
            match _1 {
                19 => bb2,
                _ => bb1,
            }
        }
        bb2 = {
            match _1 {
                19 => bb3,
                _ => bb1,
            }
        }
        bb3 = {
            _2 = _1;
            _3 = &mut _1;
            *_3 = _2;
            _3 = &mut _2;
            Return()
        }
    }
}

If I run this under Miri with -Zmir-enable-passes=+EarlyOtherwiseBranch, I see:

error: Undefined Behavior: accessing a dead local variable
  --> 9632589322447897120.rs:16:13
   |
16 | /             match _1 {
17 | |                 19 => bb2,
18 | |                 _ => bb1,
19 | |             }
   | |_____________^ accessing a dead local variable

The MIR diff for EarlyOtherwiseBranch is:

 fn main() -> () {
     let mut _0: ();
     let mut _1: i32;
     let mut _2: i32;
     let mut _3: &mut i32;
+    let mut _4: bool;
 
     bb0: {
         _1 = const 19_i32;
         goto -> bb1;
     }
 
     bb1: {
-        switchInt(copy _1) -> [19: bb2, otherwise: bb1];
+        StorageLive(_4);
+        _4 = Ne(copy _1, copy _1);
+        StorageDead(_4);
+        switchInt(move _4) -> [0: bb3, otherwise: bb1];
     }
 
     bb2: {
-        switchInt(copy _1) -> [19: bb3, otherwise: bb1];
-    }
-
-    bb3: {
         _2 = copy _1;
         _3 = &mut _1;
         (*_3) = copy _2;
         _3 = &mut _2;
         return;
     }
+
+    bb3: {
+        StorageDead(_4);
+        switchInt(copy _1) -> [19: bb2, otherwise: bb1];
+    }
 }
@saethlin saethlin added the C-bug Category: This is a bug. label May 18, 2025
@rustbot rustbot added the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label May 18, 2025
@saethlin saethlin added I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness A-mir-opt Area: MIR optimizations I-miscompile Issue: Correct Rust code lowers to incorrect machine code A-rustlantis A miscompilation found by Rustlantis and removed needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. labels May 18, 2025
@rustbot rustbot added the I-prioritize Issue: Indicates that prioritization has been requested for this issue. label May 18, 2025
@saethlin saethlin added T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. and removed I-prioritize Issue: Indicates that prioritization has been requested for this issue. labels May 18, 2025
@dianqk dianqk self-assigned this May 19, 2025
@apiraino apiraino added the P-medium Medium priority label May 20, 2025
@dianqk dianqk linked a pull request May 24, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dianqk dianqk

Labels
A-mir-opt Area: MIR optimizations A-rustlantis A miscompilation found by Rustlantis C-bug Category: This is a bug. I-miscompile Issue: Correct Rust code lowers to incorrect machine code I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-medium Medium priority T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

mir-opt: Do not create storage marks in EarlyOtherwiseBranch dianqk/rust
4 participants
@apiraino @dianqk @saethlin @rustbot