Support allocations with non-Box<[u8]> bytes #108022
Conversation
|
r? @nagisa (rustbot has picked a reviewer for you, use r? to override) |
rustbot
added
S-waiting-on-review
|
Some changes occurred to the CTFE / Miri engine cc @rust-lang/miri Some changes occurred to the CTFE / Miri engine cc @rust-lang/miri |
This comment has been minimized.
This comment has been minimized.
|
The Miri subtree was changed cc @rust-lang/miri |
|
Baffled by the tidy failure - |
This comment has been minimized.
This comment has been minimized.
|
looks like a rustfmt difference between your system and CI. Try rebasing over latest master and running |
…ons for miri. Credit to emarteca for the code.
CraftSpider
force-pushed
the
align-bytes
branch
from
3e7bf2d
to
936b567
Compare
|
r? rust-lang/miri |
This comment has been minimized.
This comment has been minimized.
|
@bors r+ |
bors
added
S-waiting-on-bors
Support allocations with non-Box<[u8]> bytes This is prep work for allowing miri to support passing pointers to C code, which will require `Allocation`s to be correctly aligned. Currently, it just makes `Allocation` generic and plumbs the necessary changes through the right places. The follow-up to this will be adding a type in the miri interpreter which correctly aligns the bytes, using that for the Miri engine, then allowing Miri to pass pointers into these allocations to C calls. Based off of rust-lang#100467, credit to `@emarteca` for the code
Support allocations with non-Box<[u8]> bytes This is prep work for allowing miri to support passing pointers to C code, which will require `Allocation`s to be correctly aligned. Currently, it just makes `Allocation` generic and plumbs the necessary changes through the right places. The follow-up to this will be adding a type in the miri interpreter which correctly aligns the bytes, using that for the Miri engine, then allowing Miri to pass pointers into these allocations to C calls. Based off of rust-lang#100467, credit to ``@emarteca`` for the code
…iaskrgr Rollup of 8 pull requests Successful merges: - rust-lang#108022 (Support allocations with non-Box<[u8]> bytes) - rust-lang#108367 (Re-apply "switch to the macos-12-xl builder") - rust-lang#108557 (Point error span at Some constructor argument when trait resolution fails) - rust-lang#108573 (Explain compile-time vs run-time difference in env!() error message) - rust-lang#108584 (Put backtick content from rustdoc search errors into a `<code>` elements) - rust-lang#108624 (Make `ExprKind` the first field in `thir::Expr`) - rust-lang#108644 (Allow setting hashmap toml values in `./configure`) - rust-lang#108672 (Feed queries on impl side for RPITITs when using lower_impl_trait_in_trait_to_assoc_ty) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
| /// It is up to the caller to take sufficient care when using this address: | ||
| /// there could be provenance or uninit memory in there, and other memory | ||
| /// accesses could invalidate the exposed pointer. | ||
| pub fn alloc_base_addr(&self, id: AllocId) -> InterpResult<'tcx, *const u8> { |
There was a problem hiding this comment.
It is very confusing to talk about getting an "address" when the return type is a pointer types. I would expect an "address" to be usize-typed, like ptr.addr().
Also the docs don't say what the caller is allowed to do with this pointer: for sure no mutation of the pointed-to memory is allowed; for how long may that memory be read? The provenance of the returned raw pointer will become invalid at some point.
Why do we need such an extremely unsafe-to-use function deep inside the interpreter?
There was a problem hiding this comment.
This is used in FFI code to get a pointer to the base address, however, it likely isn't necessary - we can get a byte slice through other methods that are a lot clearer and actually check various things we probably want to check anyways. I'd be in favor of removing this if I can alter my current draft PR to not use it, to confirm it's practical to avoid.
There was a problem hiding this comment.
It being used for FFI does not absolve it from following the usual Rust pointer rules, so all the questions about mutability, lifetime, and provenance still remain.
Also I don't see why FFI support would need this as a new functionality inside the core interpreter. As you said the existing slice methods could be used, or alternatively we might want a function that gives access to the underling M::Bytes inside an allocation, and then Miri can do whatever it has to do directly with that type.
| Clone + fmt::Debug + Eq + PartialEq + Hash + Deref<Target = [u8]> + DerefMut<Target = [u8]> | ||
| { | ||
| /// Adjust the bytes to the specified alignment -- by default, this is a no-op. | ||
| fn adjust_to_align(self, _align: Align) -> Self; |
There was a problem hiding this comment.
That's a strange API. Shouldn't alignment be set when the Self is created?
There was a problem hiding this comment.
This is called in adjust_from_tcx, it would be necessary if it could accept another bytes type that may not be aligned, but as is I think you're right - we always create the item with the desired alignment and don't need to re-align it later.
There was a problem hiding this comment.
adjust_from_tcx will always have to convert a Box<[u8]> into an aligned byte storage, so that is probably the API we want in the trait.
| fn from_bytes<'a>(slice: impl Into<Cow<'a, [u8]>>, _align: Align) -> Self; | ||
|
|
||
| /// Create a zeroed `AllocBytes` of the specified size and alignment; | ||
| /// call the callback error handler if there is an error in allocating the memory. |
There was a problem hiding this comment.
Which "callback error handler"?
There was a problem hiding this comment.
This function used to return a Result and generate the error using a callback - this was effectively the same as returning an Option and calling ok_or_else on it, so it was changed to do that, but I missed updating the docs.
This is prep work for allowing miri to support passing pointers to C code, which will require
Allocations to be correctly aligned. Currently, it just makesAllocationgeneric and plumbs the necessary changes through the right places.The follow-up to this will be adding a type in the miri interpreter which correctly aligns the bytes, using that for the Miri engine, then allowing Miri to pass pointers into these allocations to C calls.
Based off of #100467, credit to @emarteca for the code