miri: Detect uninitialized integers and floats #88670

camelid · 2021-09-05T18:38:44Z

Part of rust-lang/miri#1340.

Companion Miri PR: rust-lang/miri#1904

r? @RalfJung

rust-highfive · 2021-09-05T18:38:46Z

Some changes occured to the CTFE / Miri engine

cc @rust-lang/miri

compiler/rustc_mir/src/interpret/validity.rs

camelid · 2021-09-23T17:32:13Z

Rebased to fix merge conflicts.

camelid · 2021-10-26T23:15:26Z

I can squash, too, but I'll wait for you to review first :)

camelid · 2021-11-07T02:21:32Z

compiler/rustc_const_eval/src/interpret/validity.rs

@@ -212,6 +212,10 @@ struct ValidityVisitor<'rt, 'mir, 'tcx, M: Machine<'mir, 'tcx>> {
 }

 impl<'rt, 'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> ValidityVisitor<'rt, 'mir, 'tcx, M> {
+    fn allow_uninit_and_ptr_numbers(&self) -> bool {
+        !M::enforce_number_initialization(self.ecx)


One thing that might be confusing about this is that enforce_number_initialization also controls whether pointer numbers are allowed. Should I rename enforce_number_initialization to something like enforce_number_validity (and maybe rename the Miri-the-tool flag too)?

I like enforce_number_validity. :)

Also, what is the point of introducing fn allow_uninit_and_ptr_numbers here?

I like enforce_number_validity. :)

Ok, I'll rename to that :)

One thing though: will it be confusing because enforce_validity also exists?

Also, what is the point of introducing fn allow_uninit_and_ptr_numbers here?

It's not really necessary anymore; I'll remove it.

One thing though: will it be confusing because enforce_validity also exists?

On a broad level it seems consistent. It gets a bit subtle but I think we can handle this with comments/documentation.

Yeah, and if we have to, we can rename the flag later too. Anyway, I updated this PR and the miri PR with the rename :)

compiler/rustc_const_eval/src/interpret/machine.rs

RalfJung · 2021-11-10T00:11:01Z

Looking good, apart from a final comment nit. :)

Change the Miri engine to allow configuring whether to check initialization of integers and floats. This allows the Miri tool to optionally check for initialization if requested by the user.

camelid · 2021-11-10T00:22:48Z

Done! Thanks for your help with this PR :)

RalfJung · 2021-11-10T00:47:09Z

Sure, thanks for your patience. :)
@bors r+

bors · 2021-11-10T00:47:11Z

📌 Commit d8a1454 has been approved by RalfJung

bors · 2021-11-10T09:36:06Z

⌛ Testing commit d8a1454 with merge 800a156...

bors · 2021-11-10T12:32:35Z

☀️ Test successful - checks-actions
Approved by: RalfJung
Pushing 800a156 to master...

rust-highfive · 2021-11-10T12:33:01Z

📣 Toolstate changed by #88670!

Tested on commit 800a156.
Direct link to PR: #88670

💔 miri on windows: test-pass → build-fail (cc @oli-obk @eddyb @RalfJung).
💔 miri on linux: test-pass → build-fail (cc @oli-obk @eddyb @RalfJung).

@oli-obk

Tested on commit rust-lang/rust@800a156. Direct link to PR: <rust-lang/rust#88670> 💔 miri on windows: test-pass → build-fail (cc @oli-obk @eddyb @RalfJung). 💔 miri on linux: test-pass → build-fail (cc @oli-obk @eddyb @RalfJung).

rust-timer · 2021-11-10T16:02:22Z

Finished benchmarking commit (800a156): comparison url.

Summary: This change led to large relevant regressions 😿 in compiler performance.

Large regression in instruction counts (up to 1.0% on incr-unchanged builds of wg-grammar)

If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf.

Next Steps: If you can justify the regressions found in this perf run, please indicate this with @rustbot label: +perf-regression-triaged along with sufficient written justification. If you cannot justify the regressions please open an issue or create a new PR that fixes the regressions, add a comment linking to the newly created issue or PR, and then add the perf-regression-triaged label to this PR.

@rustbot label: +perf-regression

RalfJung · 2021-11-10T16:07:05Z

I cannot quite explain why there would be any perf change here... if anything this should improve perf since two conditionals got replaced by a constant true. Strange.

camelid · 2021-11-10T19:31:00Z

I cannot quite explain why there would be any perf change here... if anything this should improve perf since two conditionals got replaced by a constant true. Strange.

Maybe there's a mismatch between ctfe_mode and compile_time_machine!, so this check is being run more than before? From what I can see, the perf regressions seem to be in unrelated queries though.

RalfJung · 2021-11-10T19:38:59Z

No, in rustc the check is only ever invoked by the CTFE query code after obtaining the final result. enforce_validity is false so the check is never run during evaluation.

So that we get rust-lang/rust#88670.

Add flag to check for uninitialized numbers Closes #1340. Companion rustc PR that implements this in the Miri engine: rust-lang/rust#88670 r? `@RalfJung`

Mark-Simulacrum · 2021-11-16T14:56:31Z

I'm pretty sure this is noise, likely due to the introduction of randomized hashing as part of incr-comp verification that hasn't lasted long enough yet to bump noise levels up as part of perf collection.

Unmarking as a regression.

camelid added A-MIR Area: Mid-level IR (MIR) - https://blog.rust-lang.org/2016/04/19/MIR.html A-miri Area: The miri tool labels Sep 5, 2021

rust-highfive assigned RalfJung Sep 5, 2021

rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Sep 5, 2021

camelid force-pushed the miri-uninit-num branch from 676451f to 06ca933 Compare September 5, 2021 18:41

camelid commented Sep 5, 2021

View reviewed changes

compiler/rustc_mir/src/interpret/validity.rs Outdated Show resolved Hide resolved

camelid force-pushed the miri-uninit-num branch from 06ca933 to 5e17e7b Compare September 5, 2021 18:44