-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CString::into_raw() trigger miri #62553
Comments
/cc @RalfJung |
fn into_inner(self) -> Box<[u8]> {
unsafe {
let result = std::mem::MaybeUninit::new(std::ptr::read(&self.inner));
std::mem::forget(self);
result.assume_init()
}
} Should be ok for me but it's still trigger miri |
On a first glance this looks like an issue I have seen before, where the problem is that let mut local = 0;
let x = &mut local;
let raw = x as *mut _; // create raw pointer
some_function(x); // use x, re-asserting that x is unique
let _val = *raw; // use raw pointer -- UB because that would violate x's uniqueness |
What about: fn into_inner(self) -> Box<[u8]> {
use ::std::{mem::MaybeUninit, ptr};
unsafe {
type T = Box<[u8]>;
let inner = ptr::read(&mut self.inner as *mut T as *const MaybeUninit<T>);
std::mem::forget(self);
inner.assume_init()
}
} |
That's basically a transmute, but with even fewer compiler-level checks. At that point I'd just recommend transmuting |
Isn't transmuting |
There's in fact a safe method for it, called But my suggestion does not involve // self: CString, which is just a newtype around Box<[u8]>.
fn into_inner(self) -> Box<[u8]> {
unsafe {
mem::transmute(self)
}
} |
While using |
This leads to @Stargateur 's suggestion, which seems to trigger Miri nevertheless.
This indeed solves the problem here, but I was wondering about the more general pattern (See this URLO post): what if, for instance, Another idea (again, considering that fn into_inner (self) -> Box<[u8]>
{
use ::core::{mem::MaybeUninit, ptr};
let this = MaybeUninit::new(self);
unsafe {
ptr::read(&mut (*this.as_mut_ptr()).inner)
}
} |
@danielhenrymantilla fn into_inner(self) -> Box<[u8]> {
let this = mem::ManuallyDrop::new(self);
unsafe {
ptr::read(&this.inner)
}
} |
So we have 2 clean solutions that doesn't trigger miri what do we pick ? |
This simple code should not trigger any error, except a leak of course. But miri report an error before:
First, I suspected a miri bug but look like the code of
CString
could be the problem, I don't really understand the code of theinto_inner()
call byinto_raw()
.Is this code correct and it's a miri bug or the code is incorrect ?
@matklad as you write the code maybe you want be ping.
The text was updated successfully, but these errors were encountered: