add overlap check when copying op #97639

Closed
wants to merge 3 commits into from

Conversation

SparrowLii
Member

@SparrowLii SparrowLii commented Jun 2, 2022

This PR fixes the FIXME about adding an overlap check when copying an imm in const eval.

@rust-highfive
Collaborator

Some changes occurred to the CTFE / Miri engine

cc @rust-lang/miri

@rustbot rustbot added the T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. label Jun 2, 2022
@rust-highfive
Collaborator

r? @jackh726

(rust-highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Jun 2, 2022
@oli-obk
Contributor

oli-obk commented Jun 2, 2022

@bors r+ rollup

@bors
Contributor

bors commented Jun 2, 2022

📌 Commit 2668b2a has been approved by oli-obk

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 2, 2022
@RalfJung
Member

RalfJung commented Jun 2, 2022

@bors r-
I still have some questions...

@bors bors added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Jun 2, 2022
{
let size = src_val.layout.size;
if Self::check_ptr_overlap(src_id, src_offset, dest_id, dest_offset, size) {
throw_ub_format!("copy_nonoverlapping called on overlapping ranges")
Member

@RalfJung RalfJung Jun 2, 2022

This is not the copy_nonoverlapping intrinsic, this is the assignment operator.

Also, that condition up there is enormously complicated and looks like it just unwraps all abstractions to get out some deep implementation detail. What is actually conceptually happening here, at a high level?

Member

@RalfJung RalfJung Jun 2, 2022

I think the right way to fix this FIXME is what we are discussing in #68364: by using retagging and aliasing restrictions. I don't think digging through all abstractions here is a good way to guarantee anything, since it is basically impossible to figure out what is being guaranteed. It is way too easy for any of these conditions to not be met, and then we gain nothing.

Member

So, I think we shouldn't do this part of the PR. Sorry for the misleading FIXME. Generally many of the FIXME in the code are old and our thinking might have changed since the comment was written -- so it is a good idea to ask people what their current thoughts on this are before working on a FIXME.

Here, I think the comment should just be changed to explicitly reference #68364.

Member Author

That's all right. Thanks!

dest_offset: Size,
size: Size,
) -> bool {
let overlaps = |a, b| a <= b && b < a + size;
Member

What happens if the addition here overflows?

Member Author

Thanks! I think we can use b - a to avoid overflows since a <= b

@@ -1216,7 +1216,7 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
dest_offset: Size,
size: Size,
) -> bool {
let overlaps = |a, b| a <= b && b < a + size;
let overlaps = |a, b| a <= b && b - a < size;
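Review bot: the `b - a` on the new line is free of overflow only because `&&` short-circuits, so the subtraction runs solely after `a <= b` has held; that invariant should be stated in a comment next to the closure, and the two operands of the subtraction and the two conditions must keep this order if the closure is ever refactored (a `checked_sub` form would need `b.checked_sub(a)`, not the reverse).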
Member

Please add a comment explaining why the subtraction cannot overflow.

Contributor

we could rewrite this as a.checked_sub(b).map_or(false, |s| s < size)

Member

@RalfJung RalfJung Jun 2, 2022

Not sure if that makes it any clearer; why is false the right default?

Member Author

Ok, I think we can just comment that since `a <= b`, `b - a` will not overflow
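The overflow discussion above, worked through as an added example that is not code from the PR or from rustc: the `a + size` form of the first revision compared with the `b - a` form, plus the symmetric check that two equal-length ranges need. `Size` is modelled as a plain `u64`, and `copy_overlaps` is a hypothetical stand-in for the PR's `check_ptr_overlap` that also requires both ranges to be in the same allocation.

```rust
/// One-directional test as in the PR: does `b` fall inside `[a, a + size)`?
/// The subtraction cannot overflow because `&&` short-circuits: `b - a`
/// is evaluated only after `a <= b` has held.
fn starts_inside(a: u64, b: u64, size: u64) -> bool {
    a <= b && b - a < size
}

/// The `a + size` form from the first revision. Returns `None` when the
/// addition would overflow, which is the case the reviewer asked about.
fn starts_inside_naive(a: u64, b: u64, size: u64) -> Option<bool> {
    let end = a.checked_add(size)?;
    Some(a <= b && b < end)
}

/// Symmetric overlap check: two ranges of the same length overlap iff the
/// start of either lies inside the other. A zero-length range never overlaps.
fn ranges_overlap(a: u64, b: u64, size: u64) -> bool {
    size != 0 && (starts_inside(a, b, size) || starts_inside(b, a, size))
}

/// Hypothetical overlap check for a copy between two allocations (assumed
/// shape, modelled on the PR's `check_ptr_overlap` arguments): distinct
/// allocations never overlap, so offsets are compared only for equal ids.
fn copy_overlaps(src_id: u32, src_off: u64, dest_id: u32, dest_off: u64, size: u64) -> bool {
    src_id == dest_id && ranges_overlap(src_off, dest_off, size)
}

fn main() {
    // Constructed offsets near the top of the address space: the naive form
    // cannot answer without overflowing, the subtraction form can.
    let a = u64::MAX - 4;
    let b = u64::MAX - 2;
    println!("naive:   {:?}", starts_inside_naive(a, b, 8)); // None
    println!("safe:    {}", starts_inside(a, b, 8)); // true
    println!("overlap: {}", copy_overlaps(1, 0, 1, 4, 8)); // true
    println!("overlap: {}", copy_overlaps(1, 0, 2, 4, 8)); // false (different allocations)
    println!("overlap: {}", copy_overlaps(1, 0, 1, 8, 8)); // false (adjacent, not overlapping)
}
```

The one-directional closure only detects `b` starting inside `a`'s range; a caller has to evaluate it in both directions, as `ranges_overlap` does, or a destination that starts before the source is missed.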

@SparrowLii
Member Author

@RalfJung I just made some corrections to the condition statements. If this is still unsatisfactory, we can close this PR.

@SparrowLii SparrowLii closed this Jun 2, 2022
@RalfJung
Member

RalfJung commented Jun 2, 2022

FWIW I am not entirely sure if we even want the copy to be non-overlapping -- in an idealized Rust specification, I think there isn't even a direct mem-to-mem copy here. Instead we load the (r)value from memory, and then store it back somewhere. Overlap is actually allowed here. Then on top of that we impose some aliasing requirements to disallow overlapping. The 'nonoverlapping' flag just poorly approximates those aliasing requirements for certain cases.

However, the change in memory.rs looks good to me!

Cc @JakobDegen since this affects assignment semantics.

@RalfJung
Member

RalfJung commented Jun 2, 2022

Also see #97663
