Rollup merge of rust-lang#113441 - RalfJung:assign-no-overlap, r=oli-obk

matthiaskrgr · web-flow · commit 016036a262aa · 2023-07-07T20:53:14.000+02:00
miri: check that assignments do not self-overlap

r? ``@oli-obk``
diff --git a/compiler/rustc_const_eval/src/interpret/place.rs b/compiler/rustc_const_eval/src/interpret/place.rs
@@ -700,8 +700,13 @@ where
             assert_eq!(src.layout.size, dest.layout.size);
         }
 
+        // Setting `nonoverlapping` here only has an effect when we don't hit the fast-path above,
+        // but that should at least match what LLVM does where `memcpy` is also only used when the
+        // type does not have Scalar/ScalarPair layout.
+        // (Or as the `Assign` docs put it, assignments "not producing primitives" must be
+        // non-overlapping.)
         self.mem_copy(
-            src.ptr, src.align, dest.ptr, dest.align, dest_size, /*nonoverlapping*/ false,
+            src.ptr, src.align, dest.ptr, dest.align, dest_size, /*nonoverlapping*/ true,
         )
     }
 
diff --git a/src/tools/miri/tests/fail/overlapping_assignment.rs b/src/tools/miri/tests/fail/overlapping_assignment.rs
@@ -0,0 +1,23 @@
+#![feature(core_intrinsics)]
+#![feature(custom_mir)]
+
+use std::intrinsics::mir::*;
+
+// It's not that easy to fool the MIR validity check
+// which wants to prevent overlapping assignments...
+// So we use two separate pointer arguments, and then arrange for them to alias.
+#[custom_mir(dialect = "runtime", phase = "optimized")]
+pub fn self_copy(ptr1: *mut [i32; 4], ptr2: *mut [i32; 4]) {
+    mir! {
+        {
+            *ptr1 = *ptr2; //~ERROR: overlapping ranges
+            Return()
+        }
+    }
+}
+
+pub fn main() {
+    let mut x = [0; 4];
+    let ptr = std::ptr::addr_of_mut!(x);
+    self_copy(ptr, ptr);
+}
diff --git a/src/tools/miri/tests/fail/overlapping_assignment.stderr b/src/tools/miri/tests/fail/overlapping_assignment.stderr
@@ -0,0 +1,20 @@
+error: Undefined Behavior: `copy_nonoverlapping` called on overlapping ranges
+  --> $DIR/overlapping_assignment.rs:LL:CC
+   |
+LL |             *ptr1 = *ptr2;
+   |             ^^^^^^^^^^^^^ `copy_nonoverlapping` called on overlapping ranges
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+   = note: BACKTRACE:
+   = note: inside `self_copy` at $DIR/overlapping_assignment.rs:LL:CC
+note: inside `main`
+  --> $DIR/overlapping_assignment.rs:LL:CC
+   |
+LL |     self_copy(ptr, ptr);
+   |     ^^^^^^^^^^^^^^^^^^^
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to previous error
+

Original file line number	Diff line number	Diff line change
`@@ -700,8 +700,13 @@ where`
`700`	`700`	`assert_eq!(src.layout.size, dest.layout.size);`
`701`	`701`	`}`
`702`	`702`
	`703`	+ // Setting `nonoverlapping` here only has an effect when we don't hit the fast-path above,
	`704`	+ // but that should at least match what LLVM does where `memcpy` is also only used when the
	`705`	`+ // type does not have Scalar/ScalarPair layout.`
	`706`	+ // (Or as the `Assign` docs put it, assignments "not producing primitives" must be
	`707`	`+ // non-overlapping.)`
`703`	`708`	`self.mem_copy(`
`704`		`- src.ptr, src.align, dest.ptr, dest.align, dest_size, /nonoverlapping/ false,`
	`709`	`+ src.ptr, src.align, dest.ptr, dest.align, dest_size, /nonoverlapping/ true,`
`705`	`710`	`)`
`706`	`711`	`}`
`707`	`712`