Extend Miri to correctly pass mutable pointers through FFI #133211
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
|
Some changes occurred to the CTFE / Miri interpreter cc @rust-lang/miri, @rust-lang/wg-const-eval Some changes occurred to the CTFE machinery cc @rust-lang/wg-const-eval The Miri subtree was changed cc @rust-lang/miri Some changes occurred to the CTFE / Miri interpreter cc @rust-lang/miri |
|
There are still some TODOs I need to get to, but this should make review easier. |
This comment has been minimized.
This comment has been minimized.
RalfJung
reviewed
Nov 21, 2024
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
RalfJung
reviewed
Nov 24, 2024
compiler/rustc_middle/src/mir/interpret/allocation/provenance_map.rs
Outdated
Show resolved
Hide resolved
RalfJung
reviewed
Nov 26, 2024
RalfJung
reviewed
Nov 26, 2024
RalfJung
reviewed
Nov 29, 2024
RalfJung
reviewed
Nov 29, 2024
RalfJung
reviewed
Nov 29, 2024
RalfJung
reviewed
Nov 29, 2024
RalfJung
reviewed
Nov 29, 2024
RalfJung
reviewed
Nov 29, 2024
RalfJung
reviewed
Nov 29, 2024
|
@rustbot author |
rustbot
added
S-waiting-on-author
|
Okay that should be it. :) |
Co-authored-by: Ralf Jung <[email protected]>
Strophox
force-pushed
the
miri-correct-state-update-ffi
branch
from
3ee246e to
712ceab
Compare
|
Thanks, this is good to go now! @bors r+ |
bors
added
S-waiting-on-bors
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Dec 6, 2024
…-ffi, r=RalfJung Extend Miri to correctly pass mutable pointers through FFI Based off of rust-lang#129684, this PR further extends Miri to execute native calls that make use of pointers to *mutable* memory. We adapt Miri's bookkeeping of internal state upon any FFI call that gives external code permission to mutate memory. Native code may now possibly write and therefore initialize and change the pointer provenance of bytes it has access to: Such memory is assumed to be *initialized* afterwards and bytes are given *arbitrary (wildcard) provenance*. This enables programs that correctly use mutating FFI calls to run Miri without errors, at the cost of possibly missing Undefined Behaviour caused by incorrect usage of mutating FFI. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn init_int(ptr: *mut i32); > } > > fn main() { > let mut x = std::mem::MaybeUninit::<i32>::uninit(); > let x = unsafe { > init_int(x.as_mut_ptr()); > x.assume_init() > }; > > println!("C initialized my memory to: {x}"); > } > ``` > ```c > void init_int(int *ptr) { > *ptr = 42; > } > ``` > should now show `C initialized my memory to: 42`. > > </details> r? `@RalfJung`
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 6, 2024
…iaskrgr Rollup of 5 pull requests Successful merges: - rust-lang#130777 (rust_for_linux: -Zreg-struct-return commandline flag for X86 (rust-lang#116973)) - rust-lang#133211 (Extend Miri to correctly pass mutable pointers through FFI) - rust-lang#133294 (crashes: more tests) - rust-lang#133790 (Improve documentation for Vec::extend_from_within) - rust-lang#133930 (rustbook: update to use new mdbook-trpl package from The Book) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 6, 2024
…iaskrgr Rollup of 5 pull requests Successful merges: - rust-lang#130777 (rust_for_linux: -Zreg-struct-return commandline flag for X86 (rust-lang#116973)) - rust-lang#133211 (Extend Miri to correctly pass mutable pointers through FFI) - rust-lang#133790 (Improve documentation for Vec::extend_from_within) - rust-lang#133930 (rustbook: update to use new mdbook-trpl package from The Book) - rust-lang#133931 (Only allow PassMode::Direct for aggregates on wasm when using the C ABI) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 6, 2024
Rollup merge of rust-lang#133211 - Strophox:miri-correct-state-update-ffi, r=RalfJung Extend Miri to correctly pass mutable pointers through FFI Based off of rust-lang#129684, this PR further extends Miri to execute native calls that make use of pointers to *mutable* memory. We adapt Miri's bookkeeping of internal state upon any FFI call that gives external code permission to mutate memory. Native code may now possibly write and therefore initialize and change the pointer provenance of bytes it has access to: Such memory is assumed to be *initialized* afterwards and bytes are given *arbitrary (wildcard) provenance*. This enables programs that correctly use mutating FFI calls to run Miri without errors, at the cost of possibly missing Undefined Behaviour caused by incorrect usage of mutating FFI. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn init_int(ptr: *mut i32); > } > > fn main() { > let mut x = std::mem::MaybeUninit::<i32>::uninit(); > let x = unsafe { > init_int(x.as_mut_ptr()); > x.assume_init() > }; > > println!("C initialized my memory to: {x}"); > } > ``` > ```c > void init_int(int *ptr) { > *ptr = 42; > } > ``` > should now show `C initialized my memory to: 42`. > > </details> r? ``@RalfJung``
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based off of #129684, this PR further extends Miri to execute native calls that make use of pointers to mutable memory.
We adapt Miri's bookkeeping of internal state upon any FFI call that gives external code permission to mutate memory.
Native code may now possibly write and therefore initialize and change the pointer provenance of bytes it has access to: Such memory is assumed to be initialized afterwards and bytes are given arbitrary (wildcard) provenance. This enables programs that correctly use mutating FFI calls to run Miri without errors, at the cost of possibly missing Undefined Behaviour caused by incorrect usage of mutating FFI.
r? @RalfJung