oli-obk
diff --git a/‎src/error.rs
Lines changed: 8 additions & 4 deletions b/‎src/error.rs
Lines changed: 8 additions & 4 deletions
diff --git a/‎src/eval_context.rs
Lines changed: 40 additions & 14 deletions b/‎src/eval_context.rs
Lines changed: 40 additions & 14 deletions
diff --git a/‎src/lvalue.rs
Lines changed: 4 additions & 4 deletions b/‎src/lvalue.rs
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/memory.rs
Lines changed: 40 additions & 19 deletions b/‎src/memory.rs
Lines changed: 40 additions & 19 deletions
@@ -18,11 +18,12 @@ pub enum EvalError<'tcx> {
     InvalidDiscriminant,
     PointerOutOfBounds {
         ptr: Pointer,
-        size: u64,
+        access: bool,
         allocation_size: u64,
     },
     ReadPointerAsBytes,
     InvalidPointerMath,
+    OverflowingPointerMath,
     ReadUndefBytes,
     DeadLocal,
     InvalidBoolOp(mir::BinOp),
@@ -82,6 +83,8 @@ impl<'tcx> Error for EvalError<'tcx> {
                 "a raw memory access tried to access part of a pointer value as raw bytes",
             EvalError::InvalidPointerMath =>
                 "attempted to do math or a comparison on pointers into different allocations",
+            EvalError::OverflowingPointerMath =>
+                "attempted to do overflowing math on a pointer",
             EvalError::ReadUndefBytes =>
                 "attempted to read undefined bytes",
             EvalError::DeadLocal =>
@@ -147,9 +150,10 @@ impl<'tcx> Error for EvalError<'tcx> {
 impl<'tcx> fmt::Display for EvalError<'tcx> {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         match *self {
-            EvalError::PointerOutOfBounds { ptr, size, allocation_size } => {
-                write!(f, "memory access of {}..{} outside bounds of allocation {} which has size {}",
-                       ptr.offset, ptr.offset + size, ptr.alloc_id, allocation_size)
+            EvalError::PointerOutOfBounds { ptr, access, allocation_size } => {
+                write!(f, "{} at offset {}, outside bounds of allocation {} which has size {}",
+                       if access { "memory access" } else { "pointer computed" },
+                       ptr.offset, ptr.alloc_id, allocation_size)
             },
             EvalError::NoMirFor(ref func) => write!(f, "no mir for `{}`", func),
             EvalError::FunctionPointerTyMismatch(sig, got) =>
 
@@ -391,7 +391,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
         // FIXME(solson)
         let dest_ptr = self.force_allocation(dest)?.to_ptr();
 
-        let discr_dest = dest_ptr.offset(discr_offset);
+        let discr_dest = dest_ptr.offset(discr_offset, self.memory.layout)?;
         self.memory.write_uint(discr_dest, discr_val, discr_size)?;
 
         let dest = Lvalue::Ptr {
@@ -550,7 +550,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                                 // FIXME(solson)
                                 let dest = self.force_allocation(dest)?.to_ptr();
 
-                                let dest = dest.offset(offset.bytes());
+                                let dest = dest.offset(offset.bytes(), self.memory.layout)?;
                                 let dest_size = self.type_size(ty)?
                                     .expect("bad StructWrappedNullablePointer discrfield");
                                 self.memory.write_int(dest, 0, dest_size)?;
@@ -610,7 +610,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                 let dest = self.force_allocation(dest)?.to_ptr();
 
                 for i in 0..length {
-                    let elem_dest = dest.offset(i * elem_size);
+                    let elem_dest = dest.offset(i * elem_size, self.memory.layout)?;
                     self.write_value_to_ptr(value, elem_dest, elem_ty)?;
                 }
             }
@@ -662,7 +662,6 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                         let src = self.eval_operand(operand)?;
                         let src_ty = self.operand_ty(operand);
                         if self.type_is_fat_ptr(src_ty) {
-                            trace!("misc cast: {:?}", src);
                             match (src, self.type_is_fat_ptr(dest_ty)) {
                                 (Value::ByRef(_), _) |
                                 (Value::ByValPair(..), true) => {
@@ -674,9 +673,19 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                                 (Value::ByVal(_), _) => bug!("expected fat ptr"),
                             }
                         } else {
-                            let src_val = self.value_to_primval(src, src_ty)?;
-                            let dest_val = self.cast_primval(src_val, src_ty, dest_ty)?;
-                            self.write_value(Value::ByVal(dest_val), dest, dest_ty)?;
+                            // First, try casting
+                            let dest_val = self.value_to_primval(src, src_ty).and_then(
+                                |src_val| { self.cast_primval(src_val, src_ty, dest_ty) })
+                                // Alternatively, if the sizes are equal, try just reading at the target type
+                                .or_else(|err| {
+                                    let size = self.type_size(src_ty)?;
+                                    if size.is_some() && size == self.type_size(dest_ty)? {
+                                        self.value_to_primval(src, dest_ty)
+                                    } else {
+                                        Err(err)
+                                    }
+                                });
+                            self.write_value(Value::ByVal(dest_val?), dest, dest_ty)?;
                         }
                     }
 
@@ -841,11 +850,27 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
         }
     }
 
+    pub(super) fn wrapping_pointer_offset(&self, ptr: Pointer, pointee_ty: Ty<'tcx>, offset: i64) -> EvalResult<'tcx, Pointer> {
+        // FIXME: assuming here that type size is < i64::max_value()
+        let pointee_size = self.type_size(pointee_ty)?.expect("cannot offset a pointer to an unsized type") as i64;
+        let offset = offset.overflowing_mul(pointee_size).0;
+        Ok(ptr.wrapping_signed_offset(offset, self.memory.layout))
+    }
+
     pub(super) fn pointer_offset(&self, ptr: Pointer, pointee_ty: Ty<'tcx>, offset: i64) -> EvalResult<'tcx, Pointer> {
+        if offset == 0 {
+            // rustc relies on Offset-by-0 to be well-defined even for "bad" pointers like Unique::empty().
+            return Ok(ptr);
+        }
         // FIXME: assuming here that type size is < i64::max_value()
         let pointee_size = self.type_size(pointee_ty)?.expect("cannot offset a pointer to an unsized type") as i64;
-        // FIXME: Check overflow, out-of-bounds
-        Ok(ptr.signed_offset(offset * pointee_size))
+        return if let Some(offset) = offset.checked_mul(pointee_size) {
+            let ptr = ptr.signed_offset(offset, self.memory.layout)?;
+            self.memory.check_bounds(ptr, false)?;
+            Ok(ptr)
+        } else {
+            Err(EvalError::OverflowingPointerMath)
+        }
     }
 
     pub(super) fn eval_operand_to_primval(&mut self, op: &mir::Operand<'tcx>) -> EvalResult<'tcx, PrimVal> {
@@ -1099,8 +1124,8 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
         let field_1_ty = self.get_field_ty(ty, 1)?;
         let field_0_size = self.type_size(field_0_ty)?.expect("pair element type must be sized");
         let field_1_size = self.type_size(field_1_ty)?.expect("pair element type must be sized");
-        self.memory.write_primval(ptr.offset(field_0), a, field_0_size)?;
-        self.memory.write_primval(ptr.offset(field_1), b, field_1_size)?;
+        self.memory.write_primval(ptr.offset(field_0, self.memory.layout)?, a, field_0_size)?;
+        self.memory.write_primval(ptr.offset(field_1, self.memory.layout)?, b, field_1_size)?;
         Ok(())
     }
 
@@ -1217,7 +1242,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
             Ok(Value::ByVal(PrimVal::Ptr(p)))
         } else {
             trace!("reading fat pointer extra of type {}", pointee_ty);
-            let extra = ptr.offset(self.memory.pointer_size());
+            let extra = ptr.offset(self.memory.pointer_size(), self.memory.layout)?;
             let extra = match self.tcx.struct_tail(pointee_ty).sty {
                 ty::TyDynamic(..) => PrimVal::Ptr(self.memory.read_ptr(extra)?),
                 ty::TySlice(..) |
@@ -1402,8 +1427,8 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                     }
                     let src_field_offset = self.get_field_offset(src_ty, i)?.bytes();
                     let dst_field_offset = self.get_field_offset(dest_ty, i)?.bytes();
-                    let src_f_ptr = src_ptr.offset(src_field_offset);
-                    let dst_f_ptr = dest.offset(dst_field_offset);
+                    let src_f_ptr = src_ptr.offset(src_field_offset, self.memory.layout)?;
+                    let dst_f_ptr = dest.offset(dst_field_offset, self.memory.layout)?;
                     if src_fty == dst_fty {
                         self.copy(src_f_ptr, dst_f_ptr, src_fty)?;
                     } else {
@@ -1438,6 +1463,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                     panic!("Failed to access local: {:?}", err);
                 }
                 Ok(Value::ByRef(ptr)) => {
+                    write!(msg, " by ref:").unwrap();
                     allocs.push(ptr.alloc_id);
                 }
                 Ok(Value::ByVal(val)) => {
 
@@ -270,7 +270,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
             _ => offset.bytes(),
         };
 
-        let ptr = base_ptr.offset(offset);
+        let ptr = base_ptr.offset(offset, self.memory.layout)?;
 
         let field_ty = self.monomorphize(field_ty, self.substs());
 
@@ -363,7 +363,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                 let usize = self.tcx.types.usize;
                 let n = self.value_to_primval(n_ptr, usize)?.to_u64()?;
                 assert!(n < len, "Tried to access element {} of array/slice with length {}", n, len);
-                let ptr = base_ptr.offset(n * elem_size);
+                let ptr = base_ptr.offset(n * elem_size, self.memory.layout)?;
                 (ptr, LvalueExtra::None)
             }
 
@@ -384,7 +384,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                     u64::from(offset)
                 };
 
-                let ptr = base_ptr.offset(index * elem_size);
+                let ptr = base_ptr.offset(index * elem_size, self.memory.layout)?;
                 (ptr, LvalueExtra::None)
             }
 
@@ -398,7 +398,7 @@ impl<'a, 'tcx> EvalContext<'a, 'tcx> {
                 let (elem_ty, n) = base.elem_ty_and_len(base_ty);
                 let elem_size = self.type_size(elem_ty)?.expect("slice element must be sized");
                 assert!(u64::from(from) <= n - u64::from(to));
-                let ptr = base_ptr.offset(u64::from(from) * elem_size);
+                let ptr = base_ptr.offset(u64::from(from) * elem_size, self.memory.layout)?;
                 let extra = LvalueExtra::Length(n - u64::from(to) - u64::from(from));
                 (ptr, extra)
             }
 
@@ -60,20 +60,36 @@ impl Pointer {
         Pointer { alloc_id, offset }
     }
 
-    pub fn signed_offset(self, i: i64) -> Self {
+    pub fn wrapping_signed_offset<'tcx>(self, i: i64, layout: &TargetDataLayout) -> Self {
+        Pointer::new(self.alloc_id, (self.offset.wrapping_add(i as u64) as u128 % (1u128 << layout.pointer_size.bits())) as u64)
+    }
+
+    pub fn signed_offset<'tcx>(self, i: i64, layout: &TargetDataLayout) -> EvalResult<'tcx, Self> {
         // FIXME: is it possible to over/underflow here?
         if i < 0 {
             // trickery to ensure that i64::min_value() works fine
             // this formula only works for true negative values, it panics for zero!
             let n = u64::max_value() - (i as u64) + 1;
-            Pointer::new(self.alloc_id, self.offset - n)
+            if let Some(res) = self.offset.checked_sub(n) {
+                Ok(Pointer::new(self.alloc_id, res))
+            } else {
+                Err(EvalError::OverflowingPointerMath)
+            }
         } else {
-            self.offset(i as u64)
+            self.offset(i as u64, layout)
         }
     }
 
-    pub fn offset(self, i: u64) -> Self {
-        Pointer::new(self.alloc_id, self.offset + i)
+    pub fn offset<'tcx>(self, i: u64, layout: &TargetDataLayout) -> EvalResult<'tcx, Self> {
+        if let Some(res) = self.offset.checked_add(i) {
+            if res as u128 >= (1u128 << layout.pointer_size.bits()) {
+                Err(EvalError::OverflowingPointerMath)
+            } else {
+                Ok(Pointer::new(self.alloc_id, res))
+            }
+        } else {
+            Err(EvalError::OverflowingPointerMath)
+        }
     }
 
     pub fn points_to_zst(&self) -> bool {
@@ -108,7 +124,7 @@ pub type TlsKey = usize;
 
 #[derive(Copy, Clone, Debug)]
 pub struct TlsEntry<'tcx> {
-    data: Pointer, // will eventually become a map from thread IDs to pointers
+    data: Pointer, // Will eventually become a map from thread IDs to pointers, if we ever support more than one thread.
     dtor: Option<ty::Instance<'tcx>>,
 }
 
@@ -161,8 +177,8 @@ pub struct Memory<'a, 'tcx> {
     /// A cache for basic byte allocations keyed by their contents. This is used to deduplicate
     /// allocations for string and bytestring literals.
     literal_alloc_cache: HashMap<Vec<u8>, AllocId>,
-    
-    /// pthreads-style Thread-local storage.  We only have one thread, so this is just a map from TLS keys (indices into the vector) to the pointer stored there.
+
+    /// pthreads-style thread-local storage.
     thread_local: HashMap<TlsKey, TlsEntry<'tcx>>,
 
     /// The Key to use for the next thread-local allocation.
@@ -271,7 +287,7 @@ impl<'a, 'tcx> Memory<'a, 'tcx> {
             alloc.undef_mask.grow(amount, false);
         } else if size > new_size {
             self.memory_usage -= size - new_size;
-            self.clear_relocations(ptr.offset(new_size), size - new_size)?;
+            self.clear_relocations(ptr.offset(new_size, self.layout)?, size - new_size)?;
             let alloc = self.get_mut(ptr.alloc_id)?;
             // `as usize` is fine here, since it is smaller than `size`, which came from a usize
             alloc.bytes.truncate(new_size as usize);
@@ -354,6 +370,15 @@ impl<'a, 'tcx> Memory<'a, 'tcx> {
         }
     }
 
+    pub(crate) fn check_bounds(&self, ptr: Pointer, access: bool) -> EvalResult<'tcx> {
+        let alloc = self.get(ptr.alloc_id)?;
+        let allocation_size = alloc.bytes.len() as u64;
+        if ptr.offset > allocation_size {
+            return Err(EvalError::PointerOutOfBounds { ptr, access, allocation_size });
+        }
+        Ok(())
+    }
+
     pub(crate) fn mark_packed(&mut self, ptr: Pointer, len: u64) {
         self.packed.insert(Entry {
             alloc_id: ptr.alloc_id,
@@ -574,11 +599,8 @@ impl<'a, 'tcx> Memory<'a, 'tcx> {
             return Ok(&[]);
         }
         self.check_align(ptr, align, size)?;
+        self.check_bounds(ptr.offset(size, self.layout)?, true)?; // if ptr.offset is in bounds, then so is ptr (because offset checks for overflow)
         let alloc = self.get(ptr.alloc_id)?;
-        let allocation_size = alloc.bytes.len() as u64;
-        if ptr.offset + size > allocation_size {
-            return Err(EvalError::PointerOutOfBounds { ptr, size, allocation_size });
-        }
         assert_eq!(ptr.offset as usize as u64, ptr.offset);
         assert_eq!(size as usize as u64, size);
         let offset = ptr.offset as usize;
@@ -590,11 +612,8 @@ impl<'a, 'tcx> Memory<'a, 'tcx> {
             return Ok(&mut []);
         }
         self.check_align(ptr, align, size)?;
+        self.check_bounds(ptr.offset(size, self.layout)?, true)?; // if ptr.offset is in bounds, then so is ptr (because offset checks for overflow)
         let alloc = self.get_mut(ptr.alloc_id)?;
-        let allocation_size = alloc.bytes.len() as u64;
-        if ptr.offset + size > allocation_size {
-            return Err(EvalError::PointerOutOfBounds { ptr, size, allocation_size });
-        }
         assert_eq!(ptr.offset as usize as u64, ptr.offset);
         assert_eq!(size as usize as u64, size);
         let offset = ptr.offset as usize;
@@ -746,7 +765,9 @@ impl<'a, 'tcx> Memory<'a, 'tcx> {
 
     pub fn write_ptr(&mut self, dest: Pointer, ptr: Pointer) -> EvalResult<'tcx> {
         self.write_usize(dest, ptr.offset as u64)?;
-        self.get_mut(dest.alloc_id)?.relocations.insert(dest.offset, ptr.alloc_id);
+        if ptr.alloc_id != NEVER_ALLOC_ID {
+            self.get_mut(dest.alloc_id)?.relocations.insert(dest.offset, ptr.alloc_id);
+        }
         Ok(())
     }
 
@@ -913,7 +934,7 @@ impl<'a, 'tcx> Memory<'a, 'tcx> {
 
     fn check_relocation_edges(&self, ptr: Pointer, size: u64) -> EvalResult<'tcx> {
         let overlapping_start = self.relocations(ptr, 0)?.count();
-        let overlapping_end = self.relocations(ptr.offset(size), 0)?.count();
+        let overlapping_end = self.relocations(ptr.offset(size, self.layout)?, 0)?.count();
         if overlapping_start + overlapping_end != 0 {
             return Err(EvalError::ReadPointerAsBytes);
         }