diff options
| author | 许杰友 Jieyou Xu (Joe) <39484203+jieyouxu@users.noreply.github.com> | 2025-07-22 00:54:30 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-07-22 00:54:30 +0800 |
| commit | 9e9399fcf885e2d15cbb2157459802f365428aaa (patch) | |
| tree | 237866eb5d8f33fb7e4202a8f91f0ca4d43c921a /src/tools | |
| parent | 0fd009ffe459bd121629c893446525eff6f1c8fe (diff) | |
| parent | 3f9be406a6fd879a99a0eba33cc196fa2cb3957b (diff) | |
| download | rust-9e9399fcf885e2d15cbb2157459802f365428aaa.tar.gz rust-9e9399fcf885e2d15cbb2157459802f365428aaa.zip | |
Rollup merge of #144187 - RalfJung:type-id-base-addr, r=oli-obk
fix handling of base address for TypeId allocations This fixes the problems discovered by ````@theemathas```` in https://github.com/rust-lang/rust/pull/142789: - const-eval would sometimes consider TypeId pointers to be null - the type ID is different in Miri than in regular executions Both boil down to the same issue: the TypeId "allocation" has a guaranteed 0 base address, but const-eval assumes it was non-zero (like normal allocations) and Miri randomized it (like normal allocations). r? ````@oli-obk````
Diffstat (limited to 'src/tools')
| -rw-r--r-- | src/tools/miri/src/alloc_addresses/mod.rs | 58 | ||||
| -rw-r--r-- | src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs | 4 | ||||
| -rw-r--r-- | src/tools/miri/src/borrow_tracker/tree_borrows/mod.rs | 2 |
3 files changed, 37 insertions, 27 deletions
diff --git a/src/tools/miri/src/alloc_addresses/mod.rs b/src/tools/miri/src/alloc_addresses/mod.rs index 10339928ac2..334503d2994 100644 --- a/src/tools/miri/src/alloc_addresses/mod.rs +++ b/src/tools/miri/src/alloc_addresses/mod.rs @@ -116,14 +116,6 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> { let this = self.eval_context_ref(); let info = this.get_alloc_info(alloc_id); - // Miri's address assignment leaks state across thread boundaries, which is incompatible - // with GenMC execution. So we instead let GenMC assign addresses to allocations. - if let Some(genmc_ctx) = this.machine.data_race.as_genmc_ref() { - let addr = genmc_ctx.handle_alloc(&this.machine, info.size, info.align, memory_kind)?; - return interp_ok(addr); - } - - let mut rng = this.machine.rng.borrow_mut(); // This is either called immediately after allocation (and then cached), or when // adjusting `tcx` pointers (which never get freed). So assert that we are looking // at a live allocation. This also ensures that we never re-assign an address to an @@ -131,6 +123,19 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> { // information was removed. assert!(!matches!(info.kind, AllocKind::Dead)); + // TypeId allocations always have a "base address" of 0 (i.e., the relative offset is the + // hash fragment and therefore equal to the actual integer value). + if matches!(info.kind, AllocKind::TypeId) { + return interp_ok(0); + } + + // Miri's address assignment leaks state across thread boundaries, which is incompatible + // with GenMC execution. So we instead let GenMC assign addresses to allocations. + if let Some(genmc_ctx) = this.machine.data_race.as_genmc_ref() { + let addr = genmc_ctx.handle_alloc(&this.machine, info.size, info.align, memory_kind)?; + return interp_ok(addr); + } + // This allocation does not have a base address yet, pick or reuse one. if !this.machine.native_lib.is_empty() { // In native lib mode, we use the "real" address of the bytes for this allocation. @@ -157,7 +162,7 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> { this.get_alloc_bytes_unchecked_raw(alloc_id)? } } - AllocKind::Function | AllocKind::Virtual => { + AllocKind::Function | AllocKind::VTable => { // Allocate some dummy memory to get a unique address for this function/vtable. let alloc_bytes = MiriAllocBytes::from_bytes( &[0u8; 1], @@ -169,12 +174,13 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> { std::mem::forget(alloc_bytes); ptr } - AllocKind::Dead => unreachable!(), + AllocKind::TypeId | AllocKind::Dead => unreachable!(), }; // We don't have to expose this pointer yet, we do that in `prepare_for_native_call`. return interp_ok(base_ptr.addr().to_u64()); } // We are not in native lib mode, so we control the addresses ourselves. + let mut rng = this.machine.rng.borrow_mut(); if let Some((reuse_addr, clock)) = global_state.reuse.take_addr( &mut *rng, info.size, @@ -295,21 +301,25 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> { // Store address in cache. global_state.base_addr.try_insert(alloc_id, base_addr).unwrap(); - // Also maintain the opposite mapping in `int_to_ptr_map`, ensuring we keep it sorted. - // We have a fast-path for the common case that this address is bigger than all previous ones. - let pos = if global_state - .int_to_ptr_map - .last() - .is_some_and(|(last_addr, _)| *last_addr < base_addr) - { - global_state.int_to_ptr_map.len() - } else { - global_state + // Also maintain the opposite mapping in `int_to_ptr_map`, ensuring we keep it + // sorted. We have a fast-path for the common case that this address is bigger than + // all previous ones. We skip this for allocations at address 0; those can't be + // real, they must be TypeId "fake allocations". + if base_addr != 0 { + let pos = if global_state .int_to_ptr_map - .binary_search_by_key(&base_addr, |(addr, _)| *addr) - .unwrap_err() - }; - global_state.int_to_ptr_map.insert(pos, (base_addr, alloc_id)); + .last() + .is_some_and(|(last_addr, _)| *last_addr < base_addr) + { + global_state.int_to_ptr_map.len() + } else { + global_state + .int_to_ptr_map + .binary_search_by_key(&base_addr, |(addr, _)| *addr) + .unwrap_err() + }; + global_state.int_to_ptr_map.insert(pos, (base_addr, alloc_id)); + } interp_ok(base_addr) } diff --git a/src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs b/src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs index e834fdffdd1..2977efaae04 100644 --- a/src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs +++ b/src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs @@ -650,7 +650,7 @@ trait EvalContextPrivExt<'tcx, 'ecx>: crate::MiriInterpCxExt<'tcx> { dcx.log_protector(); } }, - AllocKind::Function | AllocKind::Virtual | AllocKind::Dead => { + AllocKind::Function | AllocKind::VTable | AllocKind::TypeId | AllocKind::Dead => { // No stacked borrows on these allocations. } } @@ -1021,7 +1021,7 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> { trace!("Stacked Borrows tag {tag:?} exposed in {alloc_id:?}"); alloc_extra.borrow_tracker_sb().borrow_mut().exposed_tags.insert(tag); } - AllocKind::Function | AllocKind::Virtual | AllocKind::Dead => { + AllocKind::Function | AllocKind::VTable | AllocKind::TypeId | AllocKind::Dead => { // No stacked borrows on these allocations. } } diff --git a/src/tools/miri/src/borrow_tracker/tree_borrows/mod.rs b/src/tools/miri/src/borrow_tracker/tree_borrows/mod.rs index aa92f8a8c30..ad2a67160f4 100644 --- a/src/tools/miri/src/borrow_tracker/tree_borrows/mod.rs +++ b/src/tools/miri/src/borrow_tracker/tree_borrows/mod.rs @@ -673,7 +673,7 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> { trace!("Tree Borrows tag {tag:?} exposed in {alloc_id:?}"); alloc_extra.borrow_tracker_tb().borrow_mut().expose_tag(tag); } - AllocKind::Function | AllocKind::Virtual | AllocKind::Dead => { + AllocKind::Function | AllocKind::VTable | AllocKind::TypeId | AllocKind::Dead => { // No tree borrows on these allocations. } } |