Skip to content

Make stable_mir::with_tables sound #120128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 22, 2024
Merged

Make stable_mir::with_tables sound #120128

merged 4 commits into from
Jan 22, 2024

Conversation

oli-obk
Copy link
Contributor

@oli-obk oli-obk commented Jan 19, 2024

See the first commit for the actual soundness fix. The rest is just fallout from that and is entirely safe code. Includes most of #120120

The major difference to #120120 is that we don't need an unsafe trait, as we can now rely on the type system (the only unsafe part, and the actual source of the unsoundness was in with_tables)

r? @celinval

oli-obk and others added 3 commits January 19, 2024 09:42
@oli-obk
Fix a soundness bug in with_tables.
06a9dbe 
We were able to uplift any value from `Tables` to `'static`, which is unsound.
@oli-obk
Fix Stable trait and its impls to work with the new with_tables
61361c1
@celinval @oli-obk
Ensure internal function is safe
9aace67 
The internal function was unsound, it could cause UB in rare cases where
the user inadvertly stored the returned object in a location that could
outlive the TyCtxt.

In order to make it safe, we now take a type context as an argument to
the internal fn, and we ensure that interned items are lifted using the
provided context.

Thus, this change ensures that the compiler can properly enforce
that the object does not outlive the type context it was lifted to.
@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jan 19, 2024
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@oli-obk oli-obk force-pushed the smir_internal_lift branch from c1b5e76 to 6cd6539 Compare January 19, 2024 11:26
@celinval
Copy link
Contributor

@bors r+ rollup

@bors
Copy link
Collaborator

bors commented Jan 21, 2024

📌 Commit 6cd6539 has been approved by celinval

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jan 21, 2024
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Jan 21, 2024
@matthiaskrgr
Rollup merge of rust-lang#120128 - oli-obk:smir_internal_lift, r=celi…
3f10dc7 
…nval

Make stable_mir::with_tables sound

See the first commit for the actual soundness fix. The rest is just fallout from that and is entirely safe code. Includes most of rust-lang#120120

The major difference to rust-lang#120120 is that we don't need an unsafe trait, as we can now rely on the type system (the only unsafe part, and the actual source of the unsoundness was in `with_tables`)

r? `@celinval`
This was referenced Jan 21, 2024
Closed
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 21, 2024
@bors
Auto merge of rust-lang#120196 - matthiaskrgr:rollup-id2zocf, r=matth…
b491552 
…iaskrgr

Rollup of 8 pull requests

Successful merges:

 - rust-lang#120005 (Update Readme)
 - rust-lang#120045 (Un-hide `iter::repeat_n`)
 - rust-lang#120128 (Make stable_mir::with_tables sound)
 - rust-lang#120145 (fix: Drop guard was deallocating with the incorrect size)
 - rust-lang#120158 (`rustc_mir_dataflow`: Restore removed exports)
 - rust-lang#120167 (Capture the rationale for `-Zallow-features=` in bootstrap.py)
 - rust-lang#120174 (Warn users about limited review for tier 2 and 3 code)
 - rust-lang#120180 (Document some alternatives to `Vec::split_off`)

Failed merges:

 - rust-lang#120171 (Fix assume and assert in jump threading)

r? `@ghost`
`@rustbot` modify labels: rollup
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 21, 2024
@bors
Auto merge of rust-lang#120196 - matthiaskrgr:rollup-id2zocf, r=matth…
1318a92 
…iaskrgr

Rollup of 8 pull requests

Successful merges:

 - rust-lang#120005 (Update Readme)
 - rust-lang#120045 (Un-hide `iter::repeat_n`)
 - rust-lang#120128 (Make stable_mir::with_tables sound)
 - rust-lang#120145 (fix: Drop guard was deallocating with the incorrect size)
 - rust-lang#120158 (`rustc_mir_dataflow`: Restore removed exports)
 - rust-lang#120167 (Capture the rationale for `-Zallow-features=` in bootstrap.py)
 - rust-lang#120174 (Warn users about limited review for tier 2 and 3 code)
 - rust-lang#120180 (Document some alternatives to `Vec::split_off`)

Failed merges:

 - rust-lang#120171 (Fix assume and assert in jump threading)

r? `@ghost`
`@rustbot` modify labels: rollup
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 21, 2024
@bors
Auto merge of rust-lang#120196 - matthiaskrgr:rollup-id2zocf, r=matth…
e0afda4 
…iaskrgr

Rollup of 8 pull requests

Successful merges:

 - rust-lang#120005 (Update Readme)
 - rust-lang#120045 (Un-hide `iter::repeat_n`)
 - rust-lang#120128 (Make stable_mir::with_tables sound)
 - rust-lang#120145 (fix: Drop guard was deallocating with the incorrect size)
 - rust-lang#120158 (`rustc_mir_dataflow`: Restore removed exports)
 - rust-lang#120167 (Capture the rationale for `-Zallow-features=` in bootstrap.py)
 - rust-lang#120174 (Warn users about limited review for tier 2 and 3 code)
 - rust-lang#120180 (Document some alternatives to `Vec::split_off`)

Failed merges:

 - rust-lang#120171 (Fix assume and assert in jump threading)

r? `@ghost`
`@rustbot` modify labels: rollup
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 21, 2024
@bors
Auto merge of rust-lang#120196 - matthiaskrgr:rollup-id2zocf, r=matth…
053f259 
…iaskrgr

Rollup of 8 pull requests

Successful merges:

 - rust-lang#120005 (Update Readme)
 - rust-lang#120045 (Un-hide `iter::repeat_n`)
 - rust-lang#120128 (Make stable_mir::with_tables sound)
 - rust-lang#120145 (fix: Drop guard was deallocating with the incorrect size)
 - rust-lang#120158 (`rustc_mir_dataflow`: Restore removed exports)
 - rust-lang#120167 (Capture the rationale for `-Zallow-features=` in bootstrap.py)
 - rust-lang#120174 (Warn users about limited review for tier 2 and 3 code)
 - rust-lang#120180 (Document some alternatives to `Vec::split_off`)

Failed merges:

 - rust-lang#120171 (Fix assume and assert in jump threading)

r? `@ghost`
`@rustbot` modify labels: rollup
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 22, 2024
@bors
Auto merge of rust-lang#120196 - matthiaskrgr:rollup-id2zocf, r=matth…
6fff796 
…iaskrgr

Rollup of 8 pull requests

Successful merges:

 - rust-lang#120005 (Update Readme)
 - rust-lang#120045 (Un-hide `iter::repeat_n`)
 - rust-lang#120128 (Make stable_mir::with_tables sound)
 - rust-lang#120145 (fix: Drop guard was deallocating with the incorrect size)
 - rust-lang#120158 (`rustc_mir_dataflow`: Restore removed exports)
 - rust-lang#120167 (Capture the rationale for `-Zallow-features=` in bootstrap.py)
 - rust-lang#120174 (Warn users about limited review for tier 2 and 3 code)
 - rust-lang#120180 (Document some alternatives to `Vec::split_off`)

Failed merges:

 - rust-lang#120171 (Fix assume and assert in jump threading)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit a72d6c1 into rust-lang:master Jan 22, 2024
@rustbot rustbot added this to the 1.77.0 milestone Jan 22, 2024
rust-timer added a commit to rust-lang-ci/rust that referenced this pull request Jan 22, 2024
@rust-timer
Unrolled build for rust-lang#120128
4444a10 
Rollup merge of rust-lang#120128 - oli-obk:smir_internal_lift, r=celinval

Make stable_mir::with_tables sound

See the first commit for the actual soundness fix. The rest is just fallout from that and is entirely safe code. Includes most of rust-lang#120120

The major difference to rust-lang#120120 is that we don't need an unsafe trait, as we can now rely on the type system (the only unsafe part, and the actual source of the unsoundness was in `with_tables`)

r? `@celinval`
celinval added a commit to celinval/kani-dev that referenced this pull request Jan 24, 2024
@celinval
Update calls to internal to pass TyCtxt
d8936d6 
  - This is due to the safety fix to the internal function, which was
    done here: rust-lang/rust#120128
@celinval celinval mentioned this pull request Jan 24, 2024
Merged
feliperodri added a commit to model-checking/kani that referenced this pull request Feb 8, 2024
@celinval @github-actions
@tautschnig @qinheping @feliperodri
Upgrade Rust toolchain to nightly-2024-01-23 (#2983)
f8fabc4 
Related PRs so far:

- rust-lang/rust#119869
- rust-lang/rust#120080
- rust-lang/rust#120128
- rust-lang/rust#119369
- rust-lang/rust#116672

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

---------

Signed-off-by: Felipe R. Monteiro <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: tautschnig <[email protected]>
Co-authored-by: Qinheping Hu <[email protected]>
Co-authored-by: Michael Tautschnig <[email protected]>
Co-authored-by: Felipe R. Monteiro <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@celinval celinval

Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.77.0
Development

Successfully merging this pull request may close these issues.
5 participants
@oli-obk @rust-log-analyzer @celinval @bors @rustbot