Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

avoid mixing accesses of ptrs derived from a mutable ref and parent ptrs #107954

Merged
merged 1 commit into from
Feb 13, 2023
Merged

avoid mixing accesses of ptrs derived from a mutable ref and parent ptrs #107954

merged 1 commit into from
Feb 13, 2023

Conversation

RalfJung
Copy link
Member

@Vanille-N is working on a successor for Stacked Borrows. It will mostly accept strictly more code than Stacked Borrows did, with one exception: the following pattern no longer works.

let mut root = 6u8;
let mref = &mut root;
let ptr = mref as *mut u8;
*ptr = 0; // Write
assert_eq!(root, 0); // Parent Read
*ptr = 0; // Attempted Write

This worked in Stacked Borrows kind of by accident: when doing the "parent read", under SB we Disable mref, but the raw ptrs derived from it remain usable. The fact that we can still use the "children" of a reference that is no longer usable is quite nasty and leads to some undesirable effects (in particular it is the major blocker for resolving rust-lang/unsafe-code-guidelines#257). So in Tree Borrows we no longer do that; instead, reading from root makes mref and all its children read-only.

Due to other improvements in Tree Borrows, the entire Miri test suite still passes with this new behavior, and even the entire libcore and liballoc test suite, except for these 2 cases this PR fixes. Both of these involve code where the programmer wrote &mut but then used pointers derived from that reference in ways that alias with the parent pointer, which arguably is violating uniqueness. They are fixed by properly using raw pointers throughout.

@rustbot
Copy link
Collaborator

rustbot commented Feb 12, 2023

r? @m-ou-se

(rustbot has picked a reviewer for you, use r? to override)

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Feb 12, 2023
@rustbot
Copy link
Collaborator

rustbot commented Feb 12, 2023

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

  • Stabilizing library features
  • Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
  • Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
  • Changing public documentation in ways that create new stability guarantees
  • Changing observable runtime behavior of library APIs

@m-ou-se
Copy link
Member

m-ou-se commented Feb 12, 2023

@bors r+ rollup

@bors
Copy link
Contributor

bors commented Feb 12, 2023

📌 Commit c3a2e7a has been approved by m-ou-se

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Feb 12, 2023
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Feb 12, 2023
@matthiaskrgr
Rollup merge of rust-lang#107954 - RalfJung:tree-borrows-fix, r=m-ou-se
2865128 
avoid mixing accesses of ptrs derived from a mutable ref and parent ptrs

`@Vanille-N` is working on a successor for Stacked Borrows. It will mostly accept strictly more code than Stacked Borrows did, with one exception: the following pattern no longer works.
```rust
let mut root = 6u8;
let mref = &mut root;
let ptr = mref as *mut u8;
*ptr = 0; // Write
assert_eq!(root, 0); // Parent Read
*ptr = 0; // Attempted Write
```
This worked in Stacked Borrows kind of by accident: when doing the "parent read", under SB we Disable `mref`, but the raw ptrs derived from it remain usable. The fact that we can still use the "children" of a reference that is no longer usable is quite nasty and leads to some undesirable effects (in particular it is the major blocker for resolving rust-lang/unsafe-code-guidelines#257). So in Tree Borrows we no longer do that; instead, reading from `root` makes `mref` and all its children read-only.

Due to other improvements in Tree Borrows, the entire Miri test suite still passes with this new behavior, and even the entire libcore and liballoc test suite, except for these 2 cases this PR fixes. Both of these involve code where the programmer wrote `&mut` but then used pointers derived from that reference in ways that alias with the parent pointer, which arguably is violating uniqueness. They are fixed by properly using raw pointers throughout.
@matthiaskrgr matthiaskrgr mentioned this pull request Feb 12, 2023
Closed
@matthiaskrgr matthiaskrgr mentioned this pull request Feb 12, 2023
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request Feb 12, 2023
@bors
Auto merge of rust-lang#107967 - matthiaskrgr:rollup-7wvbla5, r=matth…
59083c5 
…iaskrgr

Rollup of 8 pull requests

Successful merges:

 - rust-lang#107748 (refer to new home)
 - rust-lang#107842 (Patch `build/rustfmt/lib/*.so` for NixOS)
 - rust-lang#107930 (Improve JS function itemTypeFromName code a bit)
 - rust-lang#107934 (rustdoc: account for intra-doc links in `<meta name="description">`)
 - rust-lang#107943 (Document `PointerLike`)
 - rust-lang#107954 (avoid mixing accesses of ptrs derived from a mutable ref and parent ptrs)
 - rust-lang#107955 (fix UB in ancient test)
 - rust-lang#107964 (rustdoc: use tighter line height in h1 and h2)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit 454ae9f into rust-lang:master Feb 13, 2023
@rustbot rustbot added this to the 1.69.0 milestone Feb 13, 2023
@RalfJung RalfJung deleted the tree-borrows-fix branch February 13, 2023 15:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@m-ou-se m-ou-se

Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.69.0
Development

Successfully merging this pull request may close these issues.
4 participants
@RalfJung @rustbot @m-ou-se @bors