Tail calls end protectors too early #3788
Labels
A-aliasing
Area: This affects the aliasing model (Stacked/Tree Borrows)
C-spec-question
Category: it is unclear what the intended behavior of Miri for this case is
Comments
RalfJung
added
C-bug
|
Ah, actually it seems like we do handle this properly for the return place -- a new protector gets created for the same return place again. However, function arguments do not get re-protected unless they are passed to the new function. So there's a question here whether the scope of a "noalias" function argument extends until just before a tail call, or until after the tail call returns. |
RalfJung
added
C-spec-question
|
Closing in favor of rust-lang/unsafe-code-guidelines#523. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In a tail call,
before_stack_popgets called before the stack frame is replaced with that of the new function. This ends the corresponding protectors in Miri, which is premature: they should instead be carried over to the new stack frame, and only ended when we return back to the caller.This affects both protection of function arguments and, perhaps even more relevant, the return place.
Currently it is hard to write a test case since custom MIR does not yet support tail calls (support is being added in rust-lang/rust#128688).
The text was updated successfully, but these errors were encountered: