Enable Miri to pass pointers through FFI#129684
Merged
bors merged 1 commit intorust-lang:masterfrom Aug 31, 2024
Merged
Conversation
rustbot
added
S-waiting-on-review
Collaborator
|
Some changes occurred to the CTFE / Miri engine cc @rust-lang/miri Some changes occurred to the CTFE / Miri engine cc @rust-lang/miri The Miri subtree was changed cc @rust-lang/miri |
Contributor
Author
|
Oh. Well that didn't work yet. |
RalfJung
reviewed
Aug 28, 2024
RalfJung
reviewed
Aug 28, 2024
RalfJung
reviewed
Aug 28, 2024
RalfJung
reviewed
Aug 29, 2024
| @@ -1 +1,2 @@ | |||
| printing from C | |||
| printing pointer dereference from C: 42 | |||
This comment has been minimized.
This comment has been minimized.
Contributor
Author
|
(I might quickly try to enhance+refactor the C pointer FFI tests in Miri now.) |
RalfJung
reviewed
Aug 29, 2024
RalfJung
reviewed
Aug 29, 2024
RalfJung
reviewed
Aug 30, 2024
RalfJung
reviewed
Aug 30, 2024
Strophox
force-pushed
the
miri-pass-pointer-to-ffi
branch
from
dcdb101 to
6e23a4d
Compare
RalfJung
reviewed
Aug 30, 2024
Member
RalfJung
left a comment
RalfJung
left a comment
There was a problem hiding this comment.
Looks good overall, thanks! Just got some nits regarding the tests.
RalfJung
reviewed
Aug 30, 2024
Member
|
Please squash the commits, then we can land this. :-) |
Co-authored-by: Ralf Jung <post@ralfj.de>
Strophox
force-pushed
the
miri-pass-pointer-to-ffi
branch
from
730bd97 to
7fde02e
Compare
Member
|
Great, congrats on getting this finished! @bors r+ |
Collaborator
bors
added
S-waiting-on-bors
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Aug 31, 2024
… r=RalfJung Enable Miri to pass pointers through FFI Following rust-lang#126787, the purpose of this PR is to now enable Miri to execute native calls that make use of pointers. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn ptr_printer(ptr: *mut i32); > } > > fn main() { > let ptr = &mut 42 as *mut i32; > unsafe { > ptr_printer(ptr); > } > } > ``` > ```c > void ptr_printer(int *ptr) { > printf("printing pointer dereference from C: %d\n", *ptr); > } > ``` > should now show `printing pointer dereference from C: 42`. > > </details> Note that this PR does not yet implement any logic involved in updating Miri's "analysis" state (byte initialization, provenance) upon such a native call. r? `@RalfJung`
This was referenced Aug 31, 2024
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Aug 31, 2024
…iaskrgr Rollup of 11 pull requests Successful merges: - rust-lang#128523 (Add release notes for 1.81.0) - rust-lang#129605 (Add missing `needs-llvm-components` directives for run-make tests that need target-specific codegen) - rust-lang#129650 (Clean up `library/profiler_builtins/build.rs`) - rust-lang#129651 (skip stage 0 target check if `BOOTSTRAP_SKIP_TARGET_SANITY` is set) - rust-lang#129684 (Enable Miri to pass pointers through FFI) - rust-lang#129762 (Update the `wasm-component-ld` binary dependency) - rust-lang#129782 (couple more crash tests) - rust-lang#129816 (tidy: say which feature gate has a stability issue mismatch) - rust-lang#129818 (make the const-unstable-in-stable error more clear) - rust-lang#129824 (Fix code examples buttons not appearing on click on mobile) - rust-lang#129826 (library: Fix typo in `core::mem`) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Aug 31, 2024
…iaskrgr Rollup of 11 pull requests Successful merges: - rust-lang#128523 (Add release notes for 1.81.0) - rust-lang#129605 (Add missing `needs-llvm-components` directives for run-make tests that need target-specific codegen) - rust-lang#129650 (Clean up `library/profiler_builtins/build.rs`) - rust-lang#129651 (skip stage 0 target check if `BOOTSTRAP_SKIP_TARGET_SANITY` is set) - rust-lang#129684 (Enable Miri to pass pointers through FFI) - rust-lang#129762 (Update the `wasm-component-ld` binary dependency) - rust-lang#129782 (couple more crash tests) - rust-lang#129816 (tidy: say which feature gate has a stability issue mismatch) - rust-lang#129818 (make the const-unstable-in-stable error more clear) - rust-lang#129824 (Fix code examples buttons not appearing on click on mobile) - rust-lang#129826 (library: Fix typo in `core::mem`) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Aug 31, 2024
Rollup merge of rust-lang#129684 - Strophox:miri-pass-pointer-to-ffi, r=RalfJung Enable Miri to pass pointers through FFI Following rust-lang#126787, the purpose of this PR is to now enable Miri to execute native calls that make use of pointers. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn ptr_printer(ptr: *mut i32); > } > > fn main() { > let ptr = &mut 42 as *mut i32; > unsafe { > ptr_printer(ptr); > } > } > ``` > ```c > void ptr_printer(int *ptr) { > printf("printing pointer dereference from C: %d\n", *ptr); > } > ``` > should now show `printing pointer dereference from C: 42`. > > </details> Note that this PR does not yet implement any logic involved in updating Miri's "analysis" state (byte initialization, provenance) upon such a native call. r? ``@RalfJung``
7 tasks
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Dec 6, 2024
…-ffi, r=RalfJung Extend Miri to correctly pass mutable pointers through FFI Based off of rust-lang#129684, this PR further extends Miri to execute native calls that make use of pointers to *mutable* memory. We adapt Miri's bookkeeping of internal state upon any FFI call that gives external code permission to mutate memory. Native code may now possibly write and therefore initialize and change the pointer provenance of bytes it has access to: Such memory is assumed to be *initialized* afterwards and bytes are given *arbitrary (wildcard) provenance*. This enables programs that correctly use mutating FFI calls to run Miri without errors, at the cost of possibly missing Undefined Behaviour caused by incorrect usage of mutating FFI. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn init_int(ptr: *mut i32); > } > > fn main() { > let mut x = std::mem::MaybeUninit::<i32>::uninit(); > let x = unsafe { > init_int(x.as_mut_ptr()); > x.assume_init() > }; > > println!("C initialized my memory to: {x}"); > } > ``` > ```c > void init_int(int *ptr) { > *ptr = 42; > } > ``` > should now show `C initialized my memory to: 42`. > > </details> r? `@RalfJung`
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Dec 6, 2024
…-ffi, r=RalfJung Extend Miri to correctly pass mutable pointers through FFI Based off of rust-lang#129684, this PR further extends Miri to execute native calls that make use of pointers to *mutable* memory. We adapt Miri's bookkeeping of internal state upon any FFI call that gives external code permission to mutate memory. Native code may now possibly write and therefore initialize and change the pointer provenance of bytes it has access to: Such memory is assumed to be *initialized* afterwards and bytes are given *arbitrary (wildcard) provenance*. This enables programs that correctly use mutating FFI calls to run Miri without errors, at the cost of possibly missing Undefined Behaviour caused by incorrect usage of mutating FFI. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn init_int(ptr: *mut i32); > } > > fn main() { > let mut x = std::mem::MaybeUninit::<i32>::uninit(); > let x = unsafe { > init_int(x.as_mut_ptr()); > x.assume_init() > }; > > println!("C initialized my memory to: {x}"); > } > ``` > ```c > void init_int(int *ptr) { > *ptr = 42; > } > ``` > should now show `C initialized my memory to: 42`. > > </details> r? ``@RalfJung``
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 6, 2024
Rollup merge of rust-lang#133211 - Strophox:miri-correct-state-update-ffi, r=RalfJung Extend Miri to correctly pass mutable pointers through FFI Based off of rust-lang#129684, this PR further extends Miri to execute native calls that make use of pointers to *mutable* memory. We adapt Miri's bookkeeping of internal state upon any FFI call that gives external code permission to mutate memory. Native code may now possibly write and therefore initialize and change the pointer provenance of bytes it has access to: Such memory is assumed to be *initialized* afterwards and bytes are given *arbitrary (wildcard) provenance*. This enables programs that correctly use mutating FFI calls to run Miri without errors, at the cost of possibly missing Undefined Behaviour caused by incorrect usage of mutating FFI. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn init_int(ptr: *mut i32); > } > > fn main() { > let mut x = std::mem::MaybeUninit::<i32>::uninit(); > let x = unsafe { > init_int(x.as_mut_ptr()); > x.assume_init() > }; > > println!("C initialized my memory to: {x}"); > } > ``` > ```c > void init_int(int *ptr) { > *ptr = 42; > } > ``` > should now show `C initialized my memory to: 42`. > > </details> r? ``@RalfJung``
github-actions bot
pushed a commit
to rust-lang/miri
that referenced
this pull request
Dec 7, 2024
…alfJung Extend Miri to correctly pass mutable pointers through FFI Based off of rust-lang/rust#129684, this PR further extends Miri to execute native calls that make use of pointers to *mutable* memory. We adapt Miri's bookkeeping of internal state upon any FFI call that gives external code permission to mutate memory. Native code may now possibly write and therefore initialize and change the pointer provenance of bytes it has access to: Such memory is assumed to be *initialized* afterwards and bytes are given *arbitrary (wildcard) provenance*. This enables programs that correctly use mutating FFI calls to run Miri without errors, at the cost of possibly missing Undefined Behaviour caused by incorrect usage of mutating FFI. > <details> > > <summary> Simple example </summary> > > ```rust > extern "C" { > fn init_int(ptr: *mut i32); > } > > fn main() { > let mut x = std::mem::MaybeUninit::<i32>::uninit(); > let x = unsafe { > init_int(x.as_mut_ptr()); > x.assume_init() > }; > > println!("C initialized my memory to: {x}"); > } > ``` > ```c > void init_int(int *ptr) { > *ptr = 42; > } > ``` > should now show `C initialized my memory to: 42`. > > </details> r? ``@RalfJung``
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Following #126787, the purpose of this PR is to now enable Miri to execute native calls that make use of pointers.
Note that this PR does not yet implement any logic involved in updating Miri's "analysis" state (byte initialization, provenance) upon such a native call.
r? @RalfJung