Fix all problems encounted with Miri -Ztag-raw-pointers #277
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Miri does not check all of Stacked Borrows (the prototype aliasing model for Rust) without -Zmiri-tag-raw-pointers. This enables the check in CI, and makes a few adjustments to fix places where pointers were invalidated by construction or use of a mutable reference.
|
@bors-servo r+ |
|
📌 Commit b257aad has been approved by |
bors-servo
added a commit
that referenced
this pull request
Feb 1, 2022
Fix all problems encounted with Miri -Ztag-raw-pointers I poked at this crate with `-Zmiri-tag-raw-pointers` before, and I was unable to fix what I found (I just added a test case that ruled out one of my wrong ideas #271). I tried again just now and I guess I just understand better this time. This PR fixes 3 separate pointer invalidation problems, which are detected by running `MIRIFLAGS=-Zmiri-tag-raw-pointers cargo miri test`. Depending on how you squint, 2 or 3 of these are rust-lang/unsafe-code-guidelines#133. The last one is _probably_ still present even with late invalidation, because `set_len` does a write through a `&mut`. It's unclear to me if any of these things that Miri complains about are potentially a miscompilation in rustc due to the use of LLVM `noalias`. But perhaps given how subtle this codebase is overall, it would be best to run the tools on their pickiest settings, even if there are a few things more like a false positive than a real problem.
|
💔 Test failed - checks-github |
|
(We need to wait for a nightly with working MIRI, or fix our CI script to find a working nightly build automatically.) |
|
To get Miri building again, it needs to support |
|
@mbrubeck Miri is on recent nightlies, I pushed an empty commit (please squash it away) to make CI re-run 🥳 |
|
@bors-servo r+ |
|
📌 Commit ecd69b9 has been approved by |
|
☀️ Test successful - checks-github |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I poked at this crate with
-Zmiri-tag-raw-pointersbefore, and I was unable to fix what I found (I just added a test case that ruled out one of my wrong ideas #271). I tried again just now and I guess I just understand better this time.This PR fixes 3 separate pointer invalidation problems, which are detected by running
MIRIFLAGS=-Zmiri-tag-raw-pointers cargo miri test.Depending on how you squint, 2 or 3 of these are rust-lang/unsafe-code-guidelines#133. The last one is probably still present even with late invalidation, because
set_lendoes a write through a&mut.It's unclear to me if any of these things that Miri complains about are potentially a miscompilation in rustc due to the use of LLVM
noalias. But perhaps given how subtle this codebase is overall, it would be best to run the tools on their pickiest settings, even if there are a few things more like a false positive than a real problem.