Skip to content

Add a test for #107975 #127003

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 20, 2024
Merged

Add a test for #107975 #127003

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
See https://github.com/rust-lang/rust/issues/107975

Basically, if you have two pointers with the same address but from two different allocations,
the compiler gets confused whether their addresses are equal or not,
resulting in some self-contradictory behavior of the compiled code.

This folder contains some examples.
They all boil down to allocating a variable on the stack, taking its address,
getting rid of the variable, and then doing it all again.
This way we end up with two addresses stored in two `usize`s (`a` and `b`).
The addresses are (probably) equal but (definitely) come from two different allocations.
Logically, we would expect that exactly one of the following options holds true:
1. `a == b`
2. `a != b`
Sadly, the compiler does not always agree.

Due to Rust having at least three meaningfully different ways
to get a variable's address as an `usize`,
each example is provided in three versions, each in the corresponding subfolder:
1. `./as-cast/` for `&v as *const _ as usize`,
2. `./strict-provenance/` for `addr_of!(v).addr()`,
2. `./exposed-provenance/` for `addr_of!(v).expose_provenance()`.
21 changes: 21 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/basic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

fn main() {
let a: usize = {
let v = 0u8;
&v as *const _ as usize
};
let b: usize = {
let v = 0u8;
&v as *const _ as usize
};

// `a` and `b` are not equal.
assert_ne!(a, b);
// But they are the same number.
assert_eq!(format!("{a}"), format!("{b}"));
// And they are equal.
assert_eq!(a, b);
}
22 changes: 22 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/function.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// Based on https://github.com/rust-lang/rust/issues/107975#issuecomment-1434203908

fn f() -> usize {
let v = 0;
&v as *const _ as usize
}

fn main() {
let a = f();
let b = f();

// `a` and `b` are not equal.
assert_ne!(a, b);
// But they are the same number.
assert_eq!(format!("{a}"), format!("{b}"));
// And they are equal.
assert_eq!(a, b);
}
30 changes: 30 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/inline1.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// Based on https://github.com/rust-lang/rust/issues/107975#issuecomment-1432161340

#[inline(never)]
fn cmp(a: usize, b: usize) -> bool {
a == b
}

#[inline(always)]
fn cmp_in(a: usize, b: usize) -> bool {
a == b
}

fn main() {
let a = {
let v = 0;
&v as *const _ as usize
};
let b = {
let v = 0;
&v as *const _ as usize
};
assert_eq!(format!("{}", a == b), "false");
assert_eq!(format!("{}", cmp_in(a, b)), "false");
assert_eq!(format!("{}", cmp(a, b)), "true");
assert_eq!(a.to_string(), b.to_string());
}
30 changes: 30 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/inline2.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// Based on https://github.com/rust-lang/rust/issues/107975#issuecomment-1432161340

#[inline(never)]
fn cmp(a: usize, b: usize) -> bool {
a == b
}

#[inline(always)]
fn cmp_in(a: usize, b: usize) -> bool {
a == b
}

fn main() {
let a = {
let v = 0;
&v as *const _ as usize
};
let b = {
let v = 0;
&v as *const _ as usize
};
assert_eq!(a.to_string(), b.to_string());
assert_eq!(format!("{}", a == b), "true");
assert_eq!(format!("{}", cmp_in(a, b)), "true");
assert_eq!(format!("{}", cmp(a, b)), "true");
}
20 changes: 20 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/print.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// https://github.com/rust-lang/rust/issues/107975#issuecomment-1430704499

fn main() {
let a = {
let v = 0;
&v as *const _ as usize
};
let b = {
let v = 0;
&v as *const _ as usize
};

assert_ne!(a, b);
println!("{a}"); // or b
assert_eq!(a, b);
}
23 changes: 23 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/print3.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// https://github.com/rust-lang/rust/issues/107975#issuecomment-1430704499

fn main() {
let a = {
let v = 0;
&v as *const _ as usize
};
let b = {
let v = 0;
&v as *const _ as usize
};

assert_ne!(a, b);
assert_ne!(a, b);
let c = a;
assert_eq!(format!("{} {} {}", a == b, a == c, b == c), "false true false");
println!("{a} {b}");
assert_eq!(format!("{} {} {}", a == b, a == c, b == c), "true true true");
}
63 changes: 63 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/segfault.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// https://github.com/rust-lang/rust/issues/107975#issuecomment-1431758601

use std::cell::{Ref, RefCell};

fn main() {
let a: usize = {
let v = 0u8;
&v as *const _ as usize
};
let b: usize = {
let v = 0u8;
&v as *const _ as usize
};
let i: usize = b - a;

// A surprise tool that will help us later.
let arr = [
RefCell::new(Some(Box::new(1u8))),
RefCell::new(None),
RefCell::new(None),
RefCell::new(None),
];

// `i` is not 0
assert_ne!(i, 0);

// Let's borrow the `i`-th element.
// If `i` is out of bounds, indexing will panic.
let r: Ref<Option<Box<u8>>> = arr[i].borrow();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to assume that the difference between addresses of the two stack variables will never be larger than 3. This is not true with cg_clif where the difference is 16.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to assume that the difference between addresses of the two stack variables will never be larger than 3.

Not really. It assumes that the difference is precisely 0 and non-0 at the same time. The test in question should ALWAYS panic in one place or another (even without the assert_ne!(i, 0)). But it doesn't, because some parts gets optimized as if i is 0, while others are optimized as if it is not.

What I'm trying to say is that the length choice is arbitrary and that the test will fail no matter the value of i (be it 0, or 1, or 3, or 16, or whatever) as long as compiler does not make contradictory assumptions during optimization.

It might actually even break if compiler still makes contradictory assumptions, but optimizes things differently.

The point of the test is to capture the current buggy behavior and demonstrate that it can lead to unsoundness in safe code.

Copy link
Member

@bjorn3 bjorn3 Jul 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought the //@ known-bug would cause a //@ run-pass test like this one to fail if it doesn't panic/crash, but I guess that is not the case. Because of that I thought a non-broke backend like cg_clif is expected to not panic anywhere on this test as opposed to be supposed to panic somewhere like actually happened with cg_clif.

It would have been nice to mark this test as //@ codegen-backend: llvm, but no such test annotation is currently implemented unfortunately.


// If we got here, it means `i` was in bounds.
// Now, two options are possible:
// EITHER `i` is not 0 (as we have asserted above),
// so the unwrap will panic, because only the 0-th element is `Some`
// OR the assert lied, `i` *is* 0, and the `unwrap` will not panic.
let r: &Box<u8> = r.as_ref().unwrap();

// If we got here, it means `i` *was* actually 0.
// Let's ignore the fact that the assert has lied
// and try to take a mutable reference to the 0-th element.
// `borrow_mut` should panic, because we are sill holding on
// to a shared `Ref` for the same `RefCell`.
*arr[0].borrow_mut() = None;

// But it doesn't panic!
// We have successfully replaced `Some(Box)` with `None`,
// while holding a shared reference to it.
// No unsafe involved.

// The `Box` has been deallocated by now, so this is a dangling reference!
let r: &u8 = &*r;
println!("{:p}", r);
Copy link
Member

@SparrowLii SparrowLii Jul 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we use let _: u8 = *r here so we don't need the .stdout file anymore. As the ui test tool doesn't care about the specific value of r.


// The following might segfault. Or it might not.
// Depends on the platform semantics
// and whatever happened to the pointed-to memory after deallocation.
// let u: u8 = *r;
// println!("{u}");
}
28 changes: 28 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/as-cast/zero.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// Derived from https://github.com/rust-lang/rust/issues/107975#issuecomment-1431758601

fn main() {
let a: usize = {
let v = 0u8;
&v as *const _ as usize
};
let b: usize = {
let v = 0u8;
&v as *const _ as usize
};

// So, are `a` and `b` equal?

// Let's check their difference.
let i: usize = a - b;
// It's not zero, which means `a` and `b` are not equal.
assert_ne!(i, 0);
// But it looks like zero...
assert_eq!(i.to_string(), "0");
// ...and now it *is* zero?
assert_eq!(i, 0);
// So `a` and `b` are equal after all?
}
25 changes: 25 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/exposed-provenance/basic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

#![feature(exposed_provenance)]

use std::ptr;

fn main() {
let a: usize = {
let v = 0u8;
ptr::from_ref(&v).expose_provenance()
};
let b: usize = {
let v = 0u8;
ptr::from_ref(&v).expose_provenance()
};

// `a` and `b` are not equal.
assert_ne!(a, b);
// But they are the same number.
assert_eq!(format!("{a}"), format!("{b}"));
// And they are equal.
assert_eq!(a, b);
}
26 changes: 26 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/exposed-provenance/function.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// Based on https://github.com/rust-lang/rust/issues/107975#issuecomment-1434203908

#![feature(exposed_provenance)]

use std::ptr;

fn f() -> usize {
let v = 0;
ptr::from_ref(&v).expose_provenance()
}

fn main() {
let a = f();
let b = f();

// `a` and `b` are not equal.
assert_ne!(a, b);
// But they are the same number.
assert_eq!(format!("{a}"), format!("{b}"));
// And they are equal.
assert_eq!(a, b);
}
34 changes: 34 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/exposed-provenance/inline1.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// Based on https://github.com/rust-lang/rust/issues/107975#issuecomment-1432161340

#![feature(exposed_provenance)]

use std::ptr;

#[inline(never)]
fn cmp(a: usize, b: usize) -> bool {
a == b
}

#[inline(always)]
fn cmp_in(a: usize, b: usize) -> bool {
a == b
}

fn main() {
let a: usize = {
let v = 0;
ptr::from_ref(&v).expose_provenance()
};
let b: usize = {
let v = 0;
ptr::from_ref(&v).expose_provenance()
};
assert_eq!(format!("{}", a == b), "false");
assert_eq!(format!("{}", cmp_in(a, b)), "false");
assert_eq!(format!("{}", cmp(a, b)), "true");
assert_eq!(a.to_string(), b.to_string());
}
34 changes: 34 additions & 0 deletions tests/ui/codegen/equal-pointers-unequal/exposed-provenance/inline2.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
//@ known-bug: #107975
//@ compile-flags: -Copt-level=2
//@ run-pass

// Based on https://github.com/rust-lang/rust/issues/107975#issuecomment-1432161340

#![feature(exposed_provenance)]

use std::ptr;

#[inline(never)]
fn cmp(a: usize, b: usize) -> bool {
a == b
}

#[inline(always)]
fn cmp_in(a: usize, b: usize) -> bool {
a == b
}

fn main() {
let a: usize = {
let v = 0;
ptr::from_ref(&v).expose_provenance()
};
let b: usize = {
let v = 0;
ptr::from_ref(&v).expose_provenance()
};
assert_eq!(a.to_string(), b.to_string());
assert_eq!(format!("{}", a == b), "true");
assert_eq!(format!("{}", cmp_in(a, b)), "true");
assert_eq!(format!("{}", cmp(a, b)), "true");
}
Loading
Loading