fixup rebase

Author: nia-e

src/shims/native_lib/mod.rs

@@ -226,8 +226,8 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> {
         let this = self.eval_context_mut();
 
         for evt in events.acc_events {
+            //eprintln!("evt: {evt:?}");
             let evt_rg = evt.get_range();
-
             // LLVM at least permits vectorising accesses to adjacent allocations,
             // so we cannot assume 1 access = 1 allocation. :(
             let mut rg = evt_rg.addr..evt_rg.end();
@@ -239,12 +239,14 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> {
                 let alloc_addr = alloc.get_bytes_unchecked_raw().addr();
 
                 // Skip forward however many bytes of the access are contained in the current allocation.
-                let overlap_size = alloc.len().strict_sub(evt_rg.addr.saturating_sub(alloc_addr));
-                let _ = rg.advance_by(overlap_size);
+                let overlap = std::cmp::max(alloc_addr, curr).strict_sub(alloc_addr)
+                    ..std::cmp::min(alloc_addr.strict_add(alloc.len()), rg.end)
+                        .strict_sub(alloc_addr);
+                let _ = rg.advance_by(overlap.len());
+                //eprintln!("overlap: {overlap:?}");
 
                 // Get an overlap range as an offset from the allocation base addr.
-                let overlap_start = evt_rg.addr.strict_sub(alloc_addr);
-                let overlap = overlap_start..overlap_start.strict_add(overlap_size);
+                //let overlap = unshifted_overlap.start..unshifted_overlap.start.strict_add(unshifted_overlap.len());
 
                 // Reads are infallible, writes might not be.
                 if evt.is_read() {
@@ -256,8 +258,14 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> {
                         }
                     }
                 } else if evt.definitely_happened() || alloc.mutability.is_mut() {
-                    //let (alloc, cx) = this.get_alloc_raw_mut(alloc_id)?;
-                    //alloc.process_native_write(AllocRange { start: overlap.start, size: overlap.len() })
+                    let (alloc, cx) = this.get_alloc_raw_mut(alloc_id)?;
+                    alloc.process_native_write(
+                        &cx.tcx,
+                        Some(AllocRange {
+                            start: Size::from_bytes(overlap.start),
+                            size: Size::from_bytes(overlap.len()),
+                        }),
+                    )
                 }
             }
         }
@@ -349,7 +357,9 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
             // Prepare for possible write from native code if mutable.
             if info.mutbl.is_mut() {
                 let (alloc, cx) = this.get_alloc_raw_mut(alloc_id)?;
-                alloc.process_native_write(&cx.tcx, None);
+                if !tracing {
+                    alloc.process_native_write(&cx.tcx, None);
+                }
                 // Also expose *mutable* provenance for the interpreter-level allocation.
                 std::hint::black_box(alloc.get_bytes_unchecked_raw_mut().expose_provenance());
             }

tests/native-lib/fail/trace_read.stderr

@@ -1,8 +1,27 @@
+warning: integer-to-pointer cast
+  --> tests/native-lib/fail/trace_read.rs:LL:CC
+   |
+LL |     let invalid: *const i32 = std::ptr::with_exposed_provenance(intermediate.addr());
+   |                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ integer-to-pointer cast
+   |
+   = help: this program is using integer-to-pointer casts or (equivalently) `ptr::with_exposed_provenance`, which means that Miri might miss pointer bugs in this program
+   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.with_exposed_provenance.html for more details on that operation
+   = help: to ensure that Miri does not miss bugs in your program, use Strict Provenance APIs (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance, https://crates.io/crates/sptr) instead
+   = help: you can then set `MIRIFLAGS=-Zmiri-strict-provenance` to ensure you are not relying on `with_exposed_provenance` semantics
+   = help: alternatively, `MIRIFLAGS=-Zmiri-permissive-provenance` disables this warning
+   = note: BACKTRACE:
+   = note: inside `unexposed_reachable_alloc` at tests/native-lib/fail/trace_read.rs:LL:CC
+note: inside `main`
+  --> tests/native-lib/fail/trace_read.rs:LL:CC
+   |
+LL |     unexposed_reachable_alloc();
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
 error: Undefined Behavior: pointer not dereferenceable: pointer must be dereferenceable for 4 bytes, but got $HEX[noalloc] which is a dangling pointer (it has no provenance)
   --> tests/native-lib/fail/trace_read.rs:LL:CC
    |
-LL |         println!("{}", *invalid);
-   |                        ^^^^^^^^ Undefined Behavior occurred here
+LL | ...   println!("{}", *invalid);
+   |                      ^^^^^^^^ Undefined Behavior occurred here
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
@@ -17,5 +36,5 @@ LL |     unexposed_reachable_alloc();
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to 1 previous error
+error: aborting due to 1 previous error; 1 warning emitted
 

tests/native-lib/fail/trace_write.rs

@@ -13,10 +13,12 @@ fn main() {
 }
 
 fn partial_init() {
-    let mut slice: [u8; 10];
+    let mut slice = std::mem::MaybeUninit::<[u8; 3]>::uninit();
+    let slice_ptr = slice.as_mut_ptr().cast::<u8>();
     unsafe {
-        init_n(5, (&raw mut slice).cast());
-        assert!(slice[3] == 0);
-        println!("{}", slice[6]);
+        init_n(2, slice_ptr);
+        assert!(*slice_ptr == 0);
+        assert!(*slice_ptr.offset(1) == 0);
+        let _val = *slice_ptr.offset(2); //~ ERROR: Undefined Behavior: using uninitialized data
     }
 }

tests/native-lib/fail/trace_write.stderr

@@ -0,0 +1,39 @@
+warning: sharing memory with a native function called via FFI
+  --> tests/native-lib/fail/trace_write.rs:LL:CC
+   |
+LL |         init_n(2, slice_ptr);
+   |         ^^^^^^^^^^^^^^^^^^^^ sharing memory with a native function
+   |
+   = help: when memory is shared with a native function call, Miri can only track initialisation and provenance on a best-effort basis
+   = help: in particular, Miri assumes that the native call initializes all memory it has written to
+   = help: Miri also assumes that any part of this memory may be a pointer that is permitted to point to arbitrary exposed memory
+   = help: what this means is that Miri will easily miss Undefined Behavior related to incorrect usage of this shared memory, so you should not take a clean Miri run as a signal that your FFI code is UB-free
+   = help: tracing memory accesses in native code is not yet fully implemented, so there can be further imprecisions beyond what is documented here
+   = note: BACKTRACE:
+   = note: inside `partial_init` at tests/native-lib/fail/trace_write.rs:LL:CC
+note: inside `main`
+  --> tests/native-lib/fail/trace_write.rs:LL:CC
+   |
+LL |     partial_init();
+   |     ^^^^^^^^^^^^^^
+
+error: Undefined Behavior: using uninitialized data, but this operation requires initialized memory
+  --> tests/native-lib/fail/trace_write.rs:LL:CC
+   |
+LL |         let _val = *slice_ptr.offset(2);
+   |                    ^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+   = note: BACKTRACE:
+   = note: inside `partial_init` at tests/native-lib/fail/trace_write.rs:LL:CC
+note: inside `main`
+  --> tests/native-lib/fail/trace_write.rs:LL:CC
+   |
+LL |     partial_init();
+   |     ^^^^^^^^^^^^^^
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to 1 previous error; 1 warning emitted
+

tests/native-lib/pass/ptr_read_access.stdout renamed to tests/native-lib/pass/ptr_read_access.notrace.stdout

@@ -0,0 +1,19 @@
+warning: sharing memory with a native function called via FFI
+  --> tests/native-lib/pass/ptr_read_access.rs:LL:CC
+   |
+LL |     unsafe { print_pointer(&x) };
+   |              ^^^^^^^^^^^^^^^^^ sharing memory with a native function
+   |
+   = help: when memory is shared with a native function call, Miri can only track initialisation and provenance on a best-effort basis
+   = help: in particular, Miri assumes that the native call initializes all memory it has written to
+   = help: Miri also assumes that any part of this memory may be a pointer that is permitted to point to arbitrary exposed memory
+   = help: what this means is that Miri will easily miss Undefined Behavior related to incorrect usage of this shared memory, so you should not take a clean Miri run as a signal that your FFI code is UB-free
+   = help: tracing memory accesses in native code is not yet fully implemented, so there can be further imprecisions beyond what is documented here
+   = note: BACKTRACE:
+   = note: inside `test_access_pointer` at tests/native-lib/pass/ptr_read_access.rs:LL:CC
+note: inside `main`
+  --> tests/native-lib/pass/ptr_read_access.rs:LL:CC
+   |
+LL |     test_access_pointer();
+   |     ^^^^^^^^^^^^^^^^^^^^^
+

tests/native-lib/pass/ptr_read_access.trace.stderr

@@ -0,0 +1 @@
+printing pointer dereference from C: 42

tests/native-lib/pass/ptr_read_access.trace.stdout

@@ -0,0 +1,19 @@
+warning: sharing memory with a native function called via FFI
+  --> tests/native-lib/pass/ptr_write_access.rs:LL:CC
+   |
+LL |     unsafe { increment_int(&mut x) };
+   |              ^^^^^^^^^^^^^^^^^^^^^ sharing memory with a native function
+   |
+   = help: when memory is shared with a native function call, Miri can only track initialisation and provenance on a best-effort basis
+   = help: in particular, Miri assumes that the native call initializes all memory it has written to
+   = help: Miri also assumes that any part of this memory may be a pointer that is permitted to point to arbitrary exposed memory
+   = help: what this means is that Miri will easily miss Undefined Behavior related to incorrect usage of this shared memory, so you should not take a clean Miri run as a signal that your FFI code is UB-free
+   = help: tracing memory accesses in native code is not yet fully implemented, so there can be further imprecisions beyond what is documented here
+   = note: BACKTRACE:
+   = note: inside `test_increment_int` at tests/native-lib/pass/ptr_write_access.rs:LL:CC
+note: inside `main`
+  --> tests/native-lib/pass/ptr_write_access.rs:LL:CC
+   |
+LL |     test_increment_int();
+   |     ^^^^^^^^^^^^^^^^^^^^
+

tests/native-lib/pass/ptr_write_access.trace.stderr

@@ -112,6 +112,6 @@ EXPORT void init_ptr_stored_in_shared_mem(int32_t val) {
 
 EXPORT void init_n(int32_t n, char* ptr) {
   for (int i=0; i<n; i++) {
-    *ptr = 0;
+    *(ptr+i) = 0;
   }
 }