Check Pin guarantees at runtime #823
Comments
I disagree with the statement that this is possible or even straightforward. The pin guarantees are not guarantees of the language, they are guarantees of a library. Miri will detect UB caused by violating |
@Aaron1011 could you describe what concretely you think Miri could do operationally to help detect pinning violations? |
Maybe add an intrinsic to mark memory as pinned, which is called in the |
"move" is a type system concept, it is not an operation in Miri. Something like |
Closing this as (a) Miri is meant to be an implementation of the Rust Abstract Machine spec, and that spec does not know about |
288: Run Miri on CI r=taiki-e a=taiki-e
The pin guarantees are guarantees of a library, so Miri does not detect violations of the pin API. However, if the generated unsafe code causes UB, Miri may be able to detect it.
Related: rust-lang/miri#823, rust-lang/unsafe-code-guidelines#232 (comment)
Co-authored-by: Taiki Endo <te316e89@gmail.com>
Miri should be able to check that the guarantees of `Pin` are upheld at runtime. AFAICT, all of the requirements for `Pin::new_unchecked` and for pin projections boil down to the same thing: ensuring that the pinned memory is never deallocated/invalidated until after `Drop` is called.
This should be fairly straightforward to implement - we can add a `pinned` flag to `AllocExtra`, and add special handling for the `Pin` type. Fortunately, `Pin` is a lang item, so this won't require hard-coding a path.
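The following added example is not code from this thread or from Miri. It shows a `Pin::new_unchecked` contract violation that performs no invalid memory access: the hypothetical `Tracked` type only records and compares its own address, so the move is observable, but there is no dereference of a stale pointer for a UB checker to report.

```rust
use std::marker::PhantomPinned;
use std::pin::Pin;

/// Hypothetical type relying on the Pin contract: once pinned it records
/// its own address and expects never to be moved afterwards.
struct Tracked {
    home: usize, // address seen at the first pinned access (0 = not yet set)
    _pin: PhantomPinned,
}

impl Tracked {
    fn new() -> Self {
        Tracked { home: 0, _pin: PhantomPinned }
    }

    /// Records the address on first use; later reports whether the value
    /// is still located at the recorded address.
    fn check_in(self: Pin<&mut Self>) -> bool {
        // SAFETY: only a plain field is written; nothing is moved out.
        let this = unsafe { self.get_unchecked_mut() };
        let here = &*this as *const Tracked as usize;
        if this.home == 0 { this.home = here; }
        this.home == here
    }
}

/// Violates the `Pin::new_unchecked` contract without any invalid access.
fn violate_contract() -> (bool, bool) {
    let (mut a, mut b) = (Tracked::new(), Tracked::new());
    // Contract broken here: `a` stays movable after this temporary Pin ends.
    let before = unsafe { Pin::new_unchecked(&mut a) }.check_in();
    std::mem::swap(&mut a, &mut b); // safe code moves the "pinned" value
    let after = unsafe { Pin::new_unchecked(&mut b) }.check_in();
    (before, after)
}

/// Upholds the contract: `Box::pin` keeps the value at a fixed heap address.
fn uphold_contract() -> (bool, bool) {
    let mut p = Box::pin(Tracked::new());
    let before = p.as_mut().check_in();
    let mut q = p; // moves the Box pointer, not the pinned value
    (before, q.as_mut().check_in())
}

fn main() {
    println!("violated: {:?}", violate_contract()); // (true, false)
    println!("upheld:   {:?}", uphold_contract()); // (true, true)
}
```

If `Tracked` stored and later dereferenced a raw self-pointer instead of comparing addresses, the same `swap` would leave that pointer referring to the old location, and the dereference is the step where memory-level checking becomes relevant.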