Invalid equality check result for usizes obtained from function pointers #73722
Comments
JohnTitor
added
the
T-compiler
|
In some sense there's no bug here, this is expected: comparing function pointers should behave the same with or without the What is more surprising is that they print the same. This indicates that comparison is non-deterministic... which is rather problematic indeed, and could break plenty of LLVM optimizations. |
|
Indeed this can be turned into a demonstration of non-deterministic comparison: #[inline(never)]
fn nop(x: usize) -> usize { x }
fn main() {
fn x() {}
fn y() {}
let a = x as usize;
let b = y as usize;
assert_eq!(nop(a), nop(b));
assert_eq!(a, b);
}The second assertion fails, the first passes (in release mode on 1.45.2). That's no good. In principle this could lead to a soundness bug, though I am not sure if that can be actually done in practice. Cc @rust-lang/wg-unsafe-code-guidelines @rust-lang/lang |
|
This is an LLVM bug: https://bugs.llvm.org/show_bug.cgi?id=47090 |
RalfJung
added
the
A-LLVM
|
But MIR optimizations also have to be aware that folding equality tests on functions is subtle (Cc @rust-lang/wg-mir-opt). And @oli-obk recently had to prevent me from making a similar mistake for pointer equality tests in CTFE (Cc @rust-lang/wg-const-eval). |
|
The LLVM bug has been fixed. @Mark-Simulacrum (pinging you in lieu of there being a way to ping the LLVM WG), do you usually backport such fixes or wait for the next release? |
|
cc @cuviper @nikic @nagisa (pinging LLVM WG) I suspect we'll want to backport the patch ourselves, and try to nominate it for LLVM 11 (since that's not yet released, and we're currently on a release candidate). https://reviews.llvm.org/D87123 is the thing to backport I think. |
RalfJung
added
the
I-unsound
rustbot
added
the
I-prioritize
|
Assigning |
apiraino
added
P-medium
…-obk
move guaranteed{ne,eq} implementation to compile-time machine
Currently, Miri needs a special hack to avoid using the core engine implementation of these intrinsics. That seems silly, so let's move them to the CTFE machine, which is the only machine that wants to use them.
I also added a reference to rust-lang#73722 as a warning to anyone who wants to adjust `guaranteed_eq`.
|
Discussion on the LLVM bug is that it's too late for 11.0.0, but could be added to 11.0.1. If someone wants to see the fix sooner in rust's fork, I'm happy to review PRs: |
Original message: Rollup merge of rust-lang#80796 - cuviper:llvm-11.0.1, r=nikic Update to LLVM 11.0.1 This updates to a new LLVM branch, rebased on the upstream `llvmorg-11.0.1`. All our patches applied cleanly except the fortanix unwind changes, which just needed a small adjustment in cmake files. r? `@nikic` Fixes rust-lang#73722
Code:
Output in release mode:
Playground
There is a similar issue about comparing function pointers, but incorrect comparison of
usizemay be more dangerous. For example, if unsafe code checks the equality betweenusizeto uphold its invariant, passing values obtained this way may break the invariant, even though the unsafe code itself didn't work with function pointers.The text was updated successfully, but these errors were encountered: