Detect incorrect vtable alignment during const eval #86174
Conversation
|
Some changes occured to the CTFE / Miri engine cc @rust-lang/miri |
rust-highfive
added
the
S-waiting-on-review
This is the error I expected -- it is a UB message coming from regular execution, not part of validation. If you can trigger this bug in validation that will likely ICE as the I think what happens is that already during interning (or even earlier), we try to read the vtable and hence run into the "lint" error path. This means we never even reach validation where we would show a hard error and a different message. You could try to set |
I'm not super versed in miri traces but there's indeed a difference that seems to match your intuition:
|
Their distinguishing factor is that they are
Yeah, looks like something is dereferencing this reference; I assume there is an implicit reborrow happening somewhere. I think you should totally keep these testcases, but here's an idea for another one that might trigger a #[repr(transparent)]
struct W<T>(T);
const INVALID_VTABLE_SIZE: W<&dyn Send> =
unsafe { std::mem::transmute((&92u8, &[1usize, usize::MAX, 0usize])) };The wrapping So let's fabricate a proper drop pointer. In fact, here's how to cause an ICE since this kind of error is not handled properly 😂 #[repr(transparent)]
struct W<T>(T);
// The drop fn is checked before size/align are, so get ourselves a "sufficiently valid" drop fn
fn drop_me(_: *mut usize) {}
const INVALID_VTABLE_SIZE: W<&dyn Send> =
unsafe { std::mem::transmute((&92u8, &(drop_me as fn(*mut usize), usize::MAX, 1usize))) }; |
also add tests for these 2 kinds of errors for size and alignment, as the existing size check wasn't apparently tested
yes absolutely, this is what I was alluding to (very obscurely) in the OP: I've seen this "transparent wrapper trick" to prevent reborrows, in the I didn't end up adding a test case like this one because invalid drop pointers seemed well tested. |
|
At least validation is honest about why it ICEs :) rust/compiler/rustc_mir/src/interpret/validity.rs Lines 949 to 954 in eab201d |
|
Right, so we should fix that ICE and I can give you some hints for how to do that, but independent of that I think we can first land this one here. Thanks for the patch! @bors r+ rollup |
|
📌 Commit d449903 has been approved by |
bors
added
S-waiting-on-bors
Detect incorrect vtable alignment during const eval This PR fixes rust-lang#86132 by detecting invalid alignment values for trait objects in the interpreter, and emitting an error about this conversion failure, to avoid the ICE. I've noticed that the error emitted at https://github.com/rust-lang/rust/blob/a50d72158e08e02cfc051b863017bdbd2c45b637/compiler/rustc_mir/src/interpret/traits.rs#L163-L166 doesn't seem to be present in the const-ub tests, so I've tried adding a test that triggers both of these cases: one for the invalid size, and another for the invalid alignment that rust-lang#86132 tracks (I have found different magic values triggering different `Align::from_bytes` errors than the "power of 2" one, if need be). However, when doing that, I *cannot* for the life of me figure out the correct incantation to make these 2 errors trigger with the "it is undefined behavior to use this value" message rather than the "any use of this value will cause an error" lint. I've tried Oli's suggestions of different values, tuples and arrays, using the transparent wrapper trick from the other tests and I was only able to trigger the regular const-ub errors about the size of the vtable, or that the drop pointer was invalid. Maybe these "type validation failed" errors happen before this part of the interpreter is reached and there just needs some magic incorrect values to bypass them, I don't know. Since this fixes an ICE, and if the constants are indeed used, these 2 tests will turn into a hard error, I thought I'd open the PR anyways. And if `@RalfJung` you know of a way I could manage that (if you think that these tests are worth checking that the `throw_ub_format!` does indeed create const-ub errors as we expect) I'd be grateful. For that reason, r? `@RalfJung` and cc `@oli-obk.`
Detect incorrect vtable alignment during const eval This PR fixes rust-lang#86132 by detecting invalid alignment values for trait objects in the interpreter, and emitting an error about this conversion failure, to avoid the ICE. I've noticed that the error emitted at https://github.com/rust-lang/rust/blob/a50d72158e08e02cfc051b863017bdbd2c45b637/compiler/rustc_mir/src/interpret/traits.rs#L163-L166 doesn't seem to be present in the const-ub tests, so I've tried adding a test that triggers both of these cases: one for the invalid size, and another for the invalid alignment that rust-lang#86132 tracks (I have found different magic values triggering different `Align::from_bytes` errors than the "power of 2" one, if need be). However, when doing that, I *cannot* for the life of me figure out the correct incantation to make these 2 errors trigger with the "it is undefined behavior to use this value" message rather than the "any use of this value will cause an error" lint. I've tried Oli's suggestions of different values, tuples and arrays, using the transparent wrapper trick from the other tests and I was only able to trigger the regular const-ub errors about the size of the vtable, or that the drop pointer was invalid. Maybe these "type validation failed" errors happen before this part of the interpreter is reached and there just needs some magic incorrect values to bypass them, I don't know. Since this fixes an ICE, and if the constants are indeed used, these 2 tests will turn into a hard error, I thought I'd open the PR anyways. And if ``@RalfJung`` you know of a way I could manage that (if you think that these tests are worth checking that the `throw_ub_format!` does indeed create const-ub errors as we expect) I'd be grateful. For that reason, r? ``@RalfJung`` and cc ``@oli-obk.``
Rollup of 7 pull requests Successful merges: - rust-lang#85800 (Fix some diagnostic issues with const_generics_defaults feature gate) - rust-lang#85823 (Do not suggest ampmut if rhs is already mutable) - rust-lang#86153 (Print dummy spans as `no-location`) - rust-lang#86174 (Detect incorrect vtable alignment during const eval) - rust-lang#86189 (Make `relate_type_and_mut` public) - rust-lang#86205 (Run full const-generics test for issue-72293) - rust-lang#86217 (Remove "generic type" in boxed.rs) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
This PR fixes #86132 by detecting invalid alignment values for trait objects in the interpreter, and emitting an error about this conversion failure, to avoid the ICE.
I've noticed that the error emitted at
rust/compiler/rustc_mir/src/interpret/traits.rs
Lines 163 to 166 in a50d721
Align::from_byteserrors than the "power of 2" one, if need be).However, when doing that, I cannot for the life of me figure out the correct incantation to make these 2 errors trigger with the "it is undefined behavior to use this value" message rather than the "any use of this value will cause an error" lint.
I've tried Oli's suggestions of different values, tuples and arrays, using the transparent wrapper trick from the other tests and I was only able to trigger the regular const-ub errors about the size of the vtable, or that the drop pointer was invalid. Maybe these "type validation failed" errors happen before this part of the interpreter is reached and there just needs some magic incorrect values to bypass them, I don't know.
Since this fixes an ICE, and if the constants are indeed used, these 2 tests will turn into a hard error, I thought I'd open the PR anyways. And if @RalfJung you know of a way I could manage that (if you think that these tests are worth checking that the
throw_ub_format!does indeed create const-ub errors as we expect) I'd be grateful.For that reason, r? @RalfJung and cc @oli-obk.