about summary refs log tree commit diff
path: root/src/tools/miri/tests/fail
AgeCommit message (Collapse)AuthorLines
2025-08-19Rollup merge of #145585 - RalfJung:miri-inplace-arg-checks, r=compiler-errors许杰友 Jieyou Xu (Joe)-37/+129
Miri: fix handling of in-place argument and return place handling This fixes two separate bugs (in two separate commits): - If the return place is `_local` and not `*ptr`, we didn't always properly protect it if there were other pointers pointing to that return place. - If two in-place arguments are *the same* local variable, we didn't always detect that aliasing.
2025-08-19miri: detect passing the same local twice as an in-place argumentRalf Jung-0/+92
2025-08-18interpret: fix in-place return place semantics when the return place ↵Ralf Jung-37/+37
expression is a local variable
2025-08-17Auto merge of #144081 - RalfJung:const-ptr-fragments, r=oli-obkbors-7/+96
const-eval: full support for pointer fragments This fixes https://github.com/rust-lang/const-eval/issues/72 and makes `swap_nonoverlapping` fully work in const-eval by enhancing per-byte provenance tracking with tracking of *which* of the bytes of the pointer this one is. Later, if we see all the same bytes in the exact same order, we can treat it like a whole pointer again without ever risking a leak of the data bytes (that encode the offset into the allocation). This lifts the limitation that was discussed quite a bit in https://github.com/rust-lang/rust/pull/137280. For a concrete piece of code that used to fail and now works properly consider this example doing a byte-for-byte memcpy in const without using intrinsics: ```rust use std::{mem::{self, MaybeUninit}, ptr}; type Byte = MaybeUninit<u8>; const unsafe fn memcpy(dst: *mut Byte, src: *const Byte, n: usize) { let mut i = 0; while i < n { *dst.add(i) = *src.add(i); i += 1; } } const _MEMCPY: () = unsafe { let ptr = &42; let mut ptr2 = ptr::null::<i32>(); // Copy from ptr to ptr2. memcpy(&mut ptr2 as *mut _ as *mut _, &ptr as *const _ as *const _, mem::size_of::<&i32>()); assert!(*ptr2 == 42); }; ``` What makes this code tricky is that pointers are "opaque blobs" in const-eval, we cannot just let people look at the individual bytes since *we don't know what those bytes look like* -- that depends on the absolute address the pointed-to object will be placed at. The code above "breaks apart" a pointer into individual bytes, and then puts them back together in the same order elsewhere. This PR implements the logic to properly track how those individual bytes relate to the original pointer, and to recognize when they are in the right order again. We still reject constants where the final value contains a not-fully-put-together pointer: I have no idea how one could construct an LLVM global where one byte is defined as "the 3rd byte of a pointer to that other global over there" -- and even if LLVM supports this somehow, we can leave implementing that to a future PR. It seems unlikely to me anyone would even want this, but who knows.^^ This also changes the behavior of Miri, by tracking the order of bytes with provenance and only considering a pointer to have valid provenance if all bytes are in the original order again. This is related to https://github.com/rust-lang/unsafe-code-guidelines/issues/558. It means one cannot implement XOR linked lists with strict provenance any more, which is however only of theoretical interest. Practically I am curious if anyone will show up with any code that Miri now complains about - that would be interesting data. Cc `@rust-lang/opsem`
2025-08-08Rollup merge of #144579 - joshtriplett:mbe-attr, r=petrochenkovTrevor Gross-1/+1
Implement declarative (`macro_rules!`) attribute macros (RFC 3697) This implements [RFC 3697](https://github.com/rust-lang/rust/issues/143547), "Declarative (`macro_rules!`) attribute macros". I would suggest reading this commit-by-commit. This first introduces the feature gate, then adds parsing for attribute rules (doing nothing with them), then adds the ability to look up and apply `macro_rules!` attributes by path, then adds support for local attributes, then adds a test, and finally makes various improvements to errors.
2025-08-08mbe: In error messages, don't assume attributes are always proc macrosJosh Triplett-1/+1
Now that `macro_rules` macros can define attribute rules, make sure error messages account for that.
2025-08-07Rollup merge of #144903 - Kivooeo:panic_handler-is-not-begin, r=m-ou-seTrevor Gross-22/+22
Rename `begin_panic_handler` to `panic_handler` Part of https://github.com/rust-lang/rust/issues/116005
2025-08-06Print thread ID in panic message if thread name is unknownTrevor Gross-24/+24
`panic!` does not print any identifying information for threads that are unnamed. However, in many cases, the thread ID can be determined. This changes the panic message from something like this: thread '<unnamed>' panicked at src/main.rs:3:5: explicit panic To something like this: thread '<unnamed>' (0xff9bf) panicked at src/main.rs:3:5: explicit panic Stack overflow messages are updated as well. This change applies to both named and unnamed threads. The ID printed is the OS integer thread ID rather than the Rust thread ID, which should also be what debuggers print.
2025-08-04remove begin prefixKivooeo-22/+22
2025-08-04Rollup merge of #144853 - Kivooeo:rust_-cleanup, r=Mark-SimulacrumStuart Cook-11/+11
Remove unnecessary `rust_` prefixes part of https://github.com/rust-lang/rust/issues/116005 Honestly, not sure if this can affect linking somehow, also I didn't touched things like `__rust_panic_cleanup` and `__rust_start_panic` which very likely will break something, so just small cleanup here also didn't changed `rust_panic_without_hook` because it was renamed here https://github.com/rust-lang/rust/pull/144852 r? libs
2025-08-03remove rust_ prefixesKivooeo-11/+11
2025-07-31Allow `dangling_pointers_from_locals` lint in testsUrgau-0/+3
2025-07-30const-eval: full support for pointer fragmentsRalf Jung-7/+96
2025-07-28revert accidental changeRalf Jung-0/+4
2025-07-28Merge commit 'abd9cba5acbcc35fb4cc59ce25580fa1624b5571'Ralf Jung-21/+17
2025-07-27miri: for ABI mismatch errors, say which argument is the problemRalf Jung-21/+17
2025-07-27call_function helper: dont ICE on return type mismatchesRalf Jung-0/+51
2025-07-18Show the memory of uninit readsOli Scherer-43/+50
2025-07-17Report the range of uninit bytes in CTFE errorsOli Scherer-19/+103
2025-07-09miri: fix out-of-bounds error for ptrs with negative offsetsRalf Jung-0/+53
2025-07-02miri: improve errors for type validity assertion failuresRalf Jung-58/+19
2025-06-27Update dangling_pointer_to_raw_pointer.rsleopardracer-1/+1
2025-06-16miri: bless testsDavid Wood-4/+4
These error messages include lines of the standard library which have changed and so need updated.
2025-06-15Merge from rustcRalf Jung-37/+0
2025-06-13Unimplement unsized_localsmejrs-37/+0
2025-06-11Merge pull request #4384 from RalfJung/diag-no-repeatOli Scherer-700/+541
diagnostics: do not repeat the entire message in the span label
2025-06-07bless non-Linux testsRalf Jung-4/+2
2025-06-07make better use of label for data-race and some other errorsRalf Jung-283/+129
2025-06-07diagnostics: do not repeat the entire message in the span labelRalf Jung-508/+505
2025-06-07const-eval error: always say in which item the error occurredRalf Jung-2/+2
also adjust the wording a little so that we don't say "the error occurred here" for two different spans
2025-06-05Rollup merge of #140638 - RalfJung:unsafe-pinned-shared-aliased, ↵Matthias Krüger-0/+115
r=workingjubilee UnsafePinned: also include the effects of UnsafeCell This tackles https://github.com/rust-lang/rust/issues/137750 by including an `UnsafeCell` in `UnsafePinned`, thus imbuing it with all the usual properties of interior mutability (no `noalias` nor `dereferenceable` on shared refs, special treatment by Miri's aliasing model). The soundness issue is not fixed yet because coroutine lowering does not use `UnsafePinned`. The RFC said that `UnsafePinned` would not permit mutability on shared references, but since then, https://github.com/rust-lang/rust/issues/137750 has demonstrated that this is not tenable. In the face of those examples, I propose that we do the "obvious" thing and permit shared mutable state inside `UnsafePinned`. This seems loosely consistent with the fact that we allow going from `Pin<&mut T>` to `&T` (where the former can be aliased with other pointers that perform mutation, and hence the same goes for the latter) -- but the `as_ref` example shows that we in fact would need to add this `UnsafeCell` even if we didn't have a safe conversion to `&T`, since for the compiler and Miri, `&T` and `Pin<&T>` are basically the same type. To make this possible, I had to remove the `Copy` and `Clone` impls for `UnsafePinned`. Tracking issue: https://github.com/rust-lang/rust/issues/125735 Cc ``@rust-lang/lang`` ``@rust-lang/opsem`` ``@Sky9x`` I don't think this needs FCP since the type is still unstable -- we'll finally decide whether we like this approach when `UnsafePinned` is moved towards stabilization (IOW, this PR is reversible). However, I'd still like to make sure that the lang team is okay with the direction I am proposing here.
2025-06-03Rollup merge of #141698 - oli-obk:ctfe-err-flip, r=RalfJungMatthias Krüger-9/+9
Use the informative error as the main const eval error message r? `@RalfJung` I only did the minimal changes necessary to the const eval error machinery. I'd prefer not to mix test changes with refactorings 😆
2025-06-02Clarify why we are talking about a failed const eval at a random placeOli Scherer-3/+3
2025-06-02Use the informative error as the main const eval error messageOli Scherer-9/+9
2025-05-31Merge from rustcThe Miri Cronjob Bot-3/+4
2025-05-30Merge pull request #4314 from yoctocell/fine-grained-trackingRalf Jung-0/+59
TB: Track permissions on the byte-level
2025-05-30Track permissions on the byte-levelXinglu Chen-0/+59
Co-authored-by: Ralf Jung <post@ralfj.de> Co-authored-by: Johannes Hostert <jhostert@ethz.ch>
2025-05-30Change diagnostic wordingtiif-4/+2
2025-05-28atomic_load intrinsic: use const generic parameter for orderingRalf Jung-3/+4
2025-05-28add Miri testsRalf Jung-0/+115
2025-05-27Auto merge of #129658 - saethlin:spare-a-crumb, r=jhprattbors-4/+1
Add some track_caller info to precondition panics Currently, when you encounter a precondition check, you'll always get the caller location of the implementation of the precondition checks. But with this PR, you'll be told the location of the invalid call. Which is useful. I thought of this while looking at https://github.com/rust-lang/rust/pull/129642#issuecomment-2311703898. The changes to `tests/ui/const*` happen because the const-eval interpreter skips `#[track_caller]` frames in its backtraces. The perf implications of this are: * Increased debug binary sizes. The caller_location implementation requires that the additional data we want to display here be stored in const allocations, which are deduplicated but not across crates. There is no impact on optimized build sizes. The panic path and the caller location data get optimized out. * The compile time hit to opt-incr-patched bitmaps happens because the patch changes the line number of some function calls with precondition checks, causing us to go from 0 dirty CGUs to 1 dirty CGU. * The other compile time hits are marginal but real, and due to doing a handful of new queries. Adding more useful data isn't completely free.
2025-05-26Auto merge of #141406 - RalfJung:less-force-allocate, r=oli-obkbors-13/+7
interpret: do not force_allocate all return places A while ago I cleaned up our `PlaceTy` a little, but as a side-effect of that, return places had to always be force-allocated. That turns out to cause quite a few extra allocations, and for a project we are doing where we marry Miri with a model checker, that means a lot of extra work -- local variables are just so much easier to reason about than allocations. So, this PR brings back the ability to have the return place be just a local of the caller. To make this work cleanly I had to rework stack pop handling a bit, which also changes the output of Miri in some cases as the span for errors occurring during a particular phase of stack pop changed. With these changes, a no-std binary with a function of functions that just take and return scalar types and that uses no pointers now does not move *any* local variables into memory. :) r? `@oli-obk`
2025-05-24rename internal panicking::try to catch_unwindRalf Jung-6/+6
2025-05-22interpret: do not force_allocate all return placesRalf Jung-13/+7
2025-05-22enable isolated-stdin test on WindowsRalf Jung-1/+1
2025-05-21Add some track_caller info to precondition panicsBen Kimock-4/+1
2025-05-21Merge pull request #4337 from RalfJung/ioRalf Jung-0/+28
test direct usage of io::{stdout,stderr,stdin}
2025-05-21test direct usage of io::{stdout,stderr,stdin}Ralf Jung-0/+28
2025-05-21Merge from rustcThe Miri Cronjob Bot-16/+10
2025-05-20make std::intrinsic functions actually be intrinsicsRalf Jung-16/+10