Dereference pointers in shims as correct types #2661
Conversation
|
Do you have some concrete examples that failed before this PR? I have a hard time coming envisioning what this PR is actually doing. |
|
I tens to agree that if we can avoid trusting the user types, that is better. I was just too lazy to manually define the type each time... But I like the idea of taking the type from libc or std!
Did you just solve #1123 as well in this? Nice!
|
|
Instead of switching to using hardcoded types in miri, could we just verify the layout matches what we expect and keep the existing logic? Making wrong types an error instead of assuming types |
|
For raw ptr functions, wrong types are not really an error. Conceptually we should just tell Miri to read/write things at a given fixed offset, but that quickly gets annoying -- so this PR essentially uses the libc/std types to determine that offset. |
|
Hmm I guess that makes sense, but still sad. Would it maybe be good to nudge people with a warning? |
|
At least on Windows people can't use the exact std type as those are private (and indeed #2136 was caused by two different call sites using two different but equally valid types). |
Here's one for windows. While I don't think anybody would actually do this, it still should work. extern "system" {
// this is completely legal, FILETIME has the same size and lower alignment than u64
fn GetSystemTimeAsFileTime(out: *mut u64);
}
fn main() {
unsafe {
GetSystemTimeAsFileTime(&mut 0);
}
} |
|
☔ The latest upstream changes (presumably #2663) made this pull request unmergeable. Please resolve the merge conflicts. |
…=oli-obk interpret: make check_mplace public This helps avoid code duplication in rust-lang/miri#2661.
…=oli-obk interpret: make check_mplace public This helps avoid code duplication in rust-lang/miri#2661.
|
@drmeepster could you rebase? Now |
beepster4096
changed the title
|
I noticed that almost every use of |
beepster4096
force-pushed
the
deref_operand_as
branch
from
0766ffd to
7ab34da
Compare
|
☔ The latest upstream changes (presumably 3162b7a) made this pull request unmergeable. Please resolve the merge conflicts. |
|
We unfortunately had to force-push to Miri. Could you rebase this to new master? Let me know if you need help wrestling with git. |
beepster4096
force-pushed
the
deref_operand_as
branch
from
7ab34da to
a7e333f
Compare
|
Rebase done, review comments not addressed yet. |
|
@rustbot author |
rustbot
added
the
S-waiting-on-author
|
☔ The latest upstream changes (presumably #2696) made this pull request unmergeable. Please resolve the merge conflicts. |
beepster4096
force-pushed
the
deref_operand_as
branch
from
a7e333f to
d537ab9
Compare
|
Its been a while, sorry. Rebased and comments addressed. |
|
Just trying something here, please ignore. |
oli-obk
added
S-waiting-on-review
|
@bors delegate- |
|
@bors r+ |
|
☀️ Test successful - checks-actions |
1 similar comment
|
☀️ Test successful - checks-actions |
Currently, shims will dereference pointers as the type written by the user. This can cause false positives, incorrect behavior such as #2136, and even ICEs if a field is not present.
This PR fixes this by having shims dereference pointers with types from
stdorlibcthat we can rely on the layout and field names of instead of with whatever the user passed in.Fixes #1123