Undefined behavior detected by miri

[dodomorandi]

I just discovered an UB whilst testing another project with miri. Primitive::from_slice and Primitive::from_slice_mut perform an invalid unsafe cast, which is detected by miri.

EDIT: #1358 showed that it is just a matter of a wrong as_ptr fn, therefore Primitive::from_slice is likely to be unaffected.

Expected

cargo +nightly miri test should not raise any problem.

Actual behaviour

test buffer_::test::mut_iter triggers UB.

Reproduction steps

Just run miri on tests ☺️

[HeroicKatora]

Did you find any other miri failures? Running all tests takes a long time and uses quite a lot of memory :)

[dodomorandi]

I did not try, but I am trying now to run all the tests with miri. 😉

[dodomorandi]

Sorry if I did not reply, but it looks like using miri on some test is hardly doable: I went OOM with 16GiB of RAM, then asked for help to @lu-zero, and it nearly OOM with 32GiB of RAM. He is going to try on another machine with 64GiB, let's see if it helps... Ouch, Miri is still unavailable for aarch64-unknown-linux-gnu. Still trying on the 32GiB machine with some swap...

[lu-zero]

So far codecs::png::tests::ensure_no_decoder_off_by_one is a bit outrageous

 8334 lu_zero   20   0   47.3g  30.6g    856 S 100.0  97.7 204:27.42 miri

[nabijaczleweli]

I have a 96G amd64 machine, I'll spin the tests there as well.

[HeroicKatora]

It also shouldn't be strictly necessary to run all tests. Only those which eventually might call into unsafe code might yield interesting results in miri, apart from bugs in the compiler or standard library. I'm sure many tests are very verbose in this regard, in particular the reference image rendering test suite test a miniscule amount of unsafe code as many decoders are entirely safe.

[nabijaczleweli]

After 4h20 of CPU time (plus a single restart to add -Zmiri-disable-isolation 40 minutes in :v), I'm at 43/137 tests with miri. I'd rather not restart this for reasons I assume obvious, and it's currently at 52.5G resident set, so I can hardly run another set of tests in parallel (which miri is not doing for some reason, so those four hours are on one out of the twenty four CPUs, I'm pretty sure, which kinda sucks since they're relatively slow).

If there's an easy way to find out which tests resolve to unsafe blocks, as you say, then I'll be happy to restrict to those tests in future, but I don't know of one nor particularly feel like going through over a hundred tests when I can just let'er rip overnight instead tbh.

[dodomorandi]

@HeroicKatora You are totally right, I am guilty of being lazy not looking for unsafe code to test with miri 😅

Lets' summarize:

• buffer_::test::mut_iter already detected the issue with Primitive::from_slice_mut
• buffer_::benchmarks::test_image_buffer_copy_within_ (using --features benchmark) can be used to check buffer::slice_copy_within, and it passes flawlessly
• buffer_::test::get_pixel can be used to test Primitive::from_slice, and it passes flawlessly.

Is there anything I am missing? Otherwise we can close this 🎉

[lu-zero]

For those curious, codecs::png::tests::ensure_no_decoder_off_by_one is still going and we are at

1632769 root      20   0   87.6g  77.5g 142272 S 100.0  30.5 403:09.62 miri

[HeroicKatora]

@dodomorandi Thanks for investigating. That should indeed cover most of it. There are some uses of bytemuck that are scary in the implementation but which we have determined to trust on int-to-byte transmutes.

I've tried running siderophile. It's not entirely accurate as it is using geiger which notoriously undercounts unsafe coming from macros but it should give a somewhat sensible first impression. Note that in particular the top results are entirely due to bytemuck if I'm not mistaken. Contrast this with hdr, gif, webp which are due to byteorder. Anyways, the full report is this:

$ ~/git/siderophile/target/release/siderophile --crate-name image
Badness  Function
    076  image::image::decoder_to_vec
    062  image::dynimage::DynamicImage::from_decoder
    062  image::dynimage::decoder_to_image
    020  image::io::free_functions::load
    010  <image::codecs::tiff::TiffDecoder<R> as ImageDecoder>::read_image
    010  image::dynimage::load_from_memory
    010  image::io::free_functions::open_impl
    003  image::utils::vec_copy_to_u8
    002  <image::codecs::gif::GifDecoder<R> as ImageDecoder>::read_image
    002  <image::codecs::hdr::decoder::HdrAdapter<R> as ImageDecoder>::read_image
    002  image::codecs::gif::GifDecoder<R>::new
    002  image::codecs::hdr::decoder::HdrAdapter<R>::read_image_data
    002  image::codecs::hdr::decoder::HdrDecoder<R>::read_image_ldr
    002  image::codecs::hdr::decoder::HdrDecoder<R>::read_image_transform
    002  image::codecs::hdr::decoder::HdrDecoder<R>::read_image_transform::{{closure}}
    002  image::codecs::webp::decoder::WebPDecoder<R>::new
    002  image::codecs::webp::decoder::WebPDecoder<R>::read_frame
    002  image::codecs::webp::decoder::WebPDecoder<R>::read_metadata
    002  image::io::free_functions::image_dimensions_impl
    002  image::io::free_functions::image_dimensions_with_format_impl
    001  <image::codecs::tiff::TiffEncoder<W> as ImageEncoder>::write_image
    001  image::codecs::tiff::TiffEncoder<W>::encode
    001  image::codecs::tiff::u8_slice_as_u16
    001  image::codecs::webp::vp8::Vp8Decoder<R>::decode_frame
    001  image::codecs::webp::vp8::Vp8Decoder<R>::init_partitions
    001  image::codecs::webp::vp8::Vp8Decoder<R>::read_frame_header
    001  image::dynimage::DynamicImage::as_bytes
    001  image::dynimage::DynamicImage::into_bytes
    001  image::dynimage::DynamicImage::to_bytes
    001  image::dynimage::image_as_bytes
    001  image::dynimage::image_into_bytes
    001  image::dynimage::image_to_bytes
    001  image::io::free_functions::save_buffer_impl
    001  image::io::free_functions::save_buffer_with_format_impl
    001  image::utils::vec_u16_into_u8
    001  image::utils::vec_u32_into_u8
    001  image::utils::vec_u64_into_u8

Since running MIRI on all tests seems to be incredibly resource intensive, maybe we could work on a dedicate test suite that targets these functions in particular and directly.

[lu-zero]

I can tell you that codecs::png::tests::ensure_no_decoder_off_by_one is probably showing a pathological case in miri.

1632769 root      20   0  118.3g 107.5g 142272 S 100.0  42.4 960:43.10 miri

[dodomorandi]

@HeroicKatora I understand what you are saying, but on the other hand I would like to emphasize the good work your are doing in image-rs: there are only three occurrences of unsafe usage in the entire crate (unsafe fn that are not actively used do not count IMHO).

If a safe function in an external crate triggers UB, I totally understand that you can think "it's our fault, we chose that crate", but on the other hand you also cannot test the soundness of each dependency from image-rs. A good approach would hopefully be to track down which unsafe fn are called at the end of the road, in order to check whether they are tested enough and if there is a valid reason for them to be unsafe.

Let's take image::image::decoder_to_vec for instance: the function do not directly use unsafe, if it triggers UB it could be a problem of bytemuck, num_traits or another function in image-rs (total_bytes, read_image or something downstream). Unfortunately siderophile (which I was unaware of, thank you for letting me know about it!) does not show which unsafe fns are called downstream, which makes unsafe tracking pretty hard. On the other hand I can see miri works on all tests of bytemuck, and it is pretty fast to run -- just some seconds. Obviously it would be necessary to analyze code coverage for the tests in order the check whether they are good enough, but it is a huge amount of work, especially if you are going to do the same thing on each dependency!

TL;DR: Using miri to check for UB correctness for all the project would be wonderful, but it looks like we are not still there. Manually tracking UBs requires huge efforts, I think that the best thing that can be done is cooperate with other crates' maintainers, especially in case of strange_ issues (like #1359). Moreover, when working with images and media in general, logic errors (i.e. wrapping behavior instead of saturating) are not safety issues but still very problematic, tools like miri won't help with these. Just assume that you safe code is really safe, otherwise you cannot rely on Rust safety abstractions 😊

[HeroicKatora]

Good points on bytemuck being MIRI tested without issue. Then we can close this for now. That said, any additional small and quickly executed tests that cover some of the unsafe code would be appreciated, in any dependency as well :)

@lu-zero Thanks for the dedication. Due to your efforts, we say that image had a literal CPU-month dedicated to running them (960:43.10). Feel free to stop at any point if you need your computer. If you can, comment with the log here so any one reading this later knows which tests were not covered yet.

[lu-zero]

I think we can say that image helped finding a bug in miri now:

1632769 root      20   0  163.5g 146.7g 139136 S 100.3  57.8   1567:01 miri

I guess I can just kill this now.

[nabijaczleweli]

I skipped over codecs::png::tests::ensure_no_decoder_off_by_one, but I've hit an even better problem with imageops::sample::tests::test_issue_186, which actually gets itself OOM-killed within minutes (total-vm:126098460kB, anon-rss:92481632kB, file-rss:1440kB, shmem-rss:2672kB).

[nabijaczleweli]

No test failed with HEAD at e0261ce (but going back to 32bae1f reproduces the UB failure from the OP).

Sanitised log (the tests I skipped because they OOMed are marked accordingly):

Nov 13 17:16:08 tarta systemd[24223]: Started /home/nabijaczleweli/.cargo/bin/cargo +nightly-2020-11-09 miri test.
Nov 13 17:16:09 tarta cargo[19983]:    Compiling image v0.23.11 (/home/nabijaczleweli/uwu/image)
Nov 13 17:16:09 tarta cargo[19983]:     Finished test [unoptimized + debuginfo] target(s) in 0.13s
Nov 13 17:16:09 tarta cargo[19983]:      Running target/x86_64-unknown-linux-gnu/debug/deps/image-3c9cbb519f35a53e
Nov 13 17:16:21 tarta cargo[19983]: running 137 tests
Nov 13 17:16:22 tarta cargo[19983]: test animation::tests::duration_approx ... ok
Nov 13 17:16:22 tarta cargo[19983]: test animation::tests::duration_outlier ... ok
Nov 13 17:16:22 tarta cargo[19983]: test animation::tests::fps_30 ... ok
Nov 13 17:16:28 tarta cargo[19983]: test animation::tests::precise ... ok
Nov 13 17:16:28 tarta cargo[19983]: test animation::tests::simple ... ok
Nov 13 17:19:58 tarta cargo[19983]: test animation::tests::small ... ok
Nov 13 17:19:58 tarta cargo[19983]: test buffer_::test::get_pixel ... ok
Nov 13 17:19:58 tarta cargo[19983]: test buffer_::test::mut_iter ... ok
Nov 13 17:19:58 tarta cargo[19983]: test buffer_::test::nonzero_width_zero_height ... ok
Nov 13 17:19:58 tarta cargo[19983]: test buffer_::test::pixels_on_large_buffer ... ok
Nov 13 17:19:58 tarta cargo[19983]: test buffer_::test::slice_buffer ... ok
Nov 13 17:19:59 tarta cargo[19983]: test buffer_::test::zero_width_nonzero_height ... ok
Nov 13 17:19:59 tarta cargo[19983]: test buffer_::test::zero_width_zero_height ... ok
Nov 13 17:19:59 tarta cargo[19983]: test codecs::bmp::decoder::test::test_bitfield_len ... ok
Nov 13 17:20:06 tarta cargo[19983]: test codecs::bmp::encoder::tests::huge_files_return_error ... ok
Nov 13 17:20:06 tarta cargo[19983]: test codecs::bmp::encoder::tests::round_trip_3px_rgb ... ok
Nov 13 17:20:26 tarta cargo[19983]: test codecs::bmp::encoder::tests::round_trip_gray ... ok
Nov 13 17:20:45 tarta cargo[19983]: test codecs::bmp::encoder::tests::round_trip_graya ... ok
Nov 13 17:20:46 tarta cargo[19983]: test codecs::bmp::encoder::tests::round_trip_single_pixel_rgb ... ok
Nov 13 17:20:46 tarta cargo[19983]: test codecs::bmp::encoder::tests::round_trip_single_pixel_rgba ... ok
Nov 13 17:20:46 tarta cargo[19983]: test codecs::farbfeld::tests::read_rect_1x2 ... ok
Nov 13 17:20:46 tarta cargo[19983]: test codecs::farbfeld::tests::read_rect_2x1 ... ok
Nov 13 17:20:47 tarta cargo[19983]: test codecs::farbfeld::tests::read_rect_2x2 ... ok
Nov 13 17:20:47 tarta cargo[19983]: test codecs::farbfeld::tests::read_rect_2x3 ... ok
Nov 13 17:20:47 tarta cargo[19983]: test codecs::farbfeld::tests::read_rect_in_stream ... ok
Nov 13 17:20:47 tarta cargo[19983]: test codecs::hdr::decoder::read_line_u8_test ... ok
Nov 13 17:20:48 tarta cargo[19983]: test codecs::hdr::decoder::split_at_first_test ... ok
Nov 13 17:20:51 tarta cargo[19983]: test codecs::hdr::encoder::noruncombine_test ... ok
Nov 13 17:20:52 tarta cargo[19983]: test codecs::hdr::encoder::runiterator_test ... ok
Nov 13 17:23:30 tarta cargo[19983]: test codecs::hdr::encoder::to_rgbe8_test ... ok
Nov 13 18:01:22 tarta cargo[19983]: test codecs::jpeg::decoder::tests::cmyk_to_rgb_correct ... ok
Nov 13 18:01:31 tarta cargo[19983]: test codecs::jpeg::decoder::tests::test_assorted_colors ... ok
Nov 13 18:01:38 tarta cargo[19983]: test codecs::jpeg::encoder::tests::grayscale_roundtrip_sanity_check ... warning: thread support is experimental. For example, Miri does not detect data races yet.
Nov 13 18:01:40 tarta cargo[19983]: ok
Nov 13 18:01:41 tarta cargo[19983]: test codecs::jpeg::encoder::tests::jfif_header_density_check ... ok
Nov 13 18:01:54 tarta cargo[19983]: test codecs::jpeg::encoder::tests::roundtrip_sanity_check ... ok
Nov 13 18:02:06 tarta cargo[19983]: test codecs::jpeg::encoder::tests::test_bgra16 ... ok
Nov 13 18:02:06 tarta cargo[19983]: test codecs::jpeg::encoder::tests::test_build_frame_header ... ok
Nov 13 18:02:06 tarta cargo[19983]: test codecs::jpeg::encoder::tests::test_build_huffman_segment ... ok
Nov 13 18:02:06 tarta cargo[19983]: test codecs::jpeg::encoder::tests::test_build_jfif_header ... ok
Nov 13 18:02:06 tarta cargo[19983]: test codecs::jpeg::encoder::tests::test_build_quantization_segment ... ok
Nov 13 18:02:07 tarta cargo[19983]: test codecs::jpeg::encoder::tests::test_build_scan_header ... ok
Nov 13 18:02:11 tarta cargo[19983]: test codecs::jpeg::encoder::tests::test_image_too_large ... ok
                                    test codecs::png::tests::ensure_no_decoder_off_by_one ... skipped
Nov 14 15:59:13 tarta cargo[31496]: test codecs::png::tests::underlying_error ... ok
Nov 14 15:59:13 tarta cargo[31496]: test codecs::pnm::autobreak::tests::test_aligned_writes ... ok
Nov 14 15:59:13 tarta cargo[31496]: test codecs::pnm::autobreak::tests::test_greater_writes ... ok
Nov 14 15:59:14 tarta cargo[31496]: test codecs::pnm::decoder::tests::pam_blackandwhite ... ok
Nov 14 15:59:15 tarta cargo[31496]: test codecs::pnm::decoder::tests::pam_grayscale ... ok
Nov 14 15:59:15 tarta cargo[31496]: test codecs::pnm::decoder::tests::pam_rgb ... ok
Nov 14 15:59:16 tarta cargo[31496]: test codecs::pnm::decoder::tests::pbm_ascii ... ok
Nov 14 15:59:16 tarta cargo[31496]: test codecs::pnm::decoder::tests::pbm_ascii_nospace ... ok
Nov 14 15:59:16 tarta cargo[31496]: test codecs::pnm::decoder::tests::pbm_binary ... ok
Nov 14 15:59:16 tarta cargo[31496]: test codecs::pnm::decoder::tests::pbm_binary_ascii_termination ... ok
Nov 14 15:59:17 tarta cargo[31496]: test codecs::pnm::decoder::tests::pgm_ascii ... ok
Nov 14 15:59:17 tarta cargo[31496]: test codecs::pnm::decoder::tests::pgm_binary ... ok
Nov 14 15:59:20 tarta cargo[31496]: test codecs::pnm::tests::roundtrip_gray ... ok
Nov 14 15:59:22 tarta cargo[31496]: test codecs::pnm::tests::roundtrip_rgb ... ok
Nov 14 15:59:23 tarta cargo[31496]: test codecs::pnm::tests::roundtrip_u16 ... ok
Nov 14 15:59:23 tarta cargo[31496]: test codecs::tga::encoder::tests::round_trip_3px_rgb ... ok
Nov 14 15:59:24 tarta cargo[31496]: test codecs::tga::encoder::tests::round_trip_gray ... ok
Nov 14 15:59:24 tarta cargo[31496]: test codecs::tga::encoder::tests::round_trip_graya ... ok
Nov 14 15:59:24 tarta cargo[31496]: test codecs::tga::encoder::tests::round_trip_single_pixel_bgr ... ok
Nov 14 15:59:24 tarta cargo[31496]: test codecs::tga::encoder::tests::round_trip_single_pixel_bgra ... ok
Nov 14 15:59:24 tarta cargo[31496]: test codecs::tga::encoder::tests::round_trip_single_pixel_rgb ... ok
Nov 14 15:59:25 tarta cargo[31496]: test codecs::tga::encoder::tests::round_trip_single_pixel_rgba ... ok
Nov 14 15:59:25 tarta cargo[31496]: test codecs::tga::encoder::tests::test_image_height_too_large ... ok
Nov 14 15:59:25 tarta cargo[31496]: test codecs::tga::encoder::tests::test_image_width_too_large ... ok
Nov 14 15:59:25 tarta cargo[31496]: test codecs::webp::vp8::test::test_add_residue ... ok
Nov 14 16:00:07 tarta cargo[31496]: test codecs::webp::vp8::test::test_avg2 ... ok
Nov 14 16:00:07 tarta cargo[31496]: test codecs::webp::vp8::test::test_avg2_specific ... ok
Nov 14 19:07:02 tarta cargo[31496]: test codecs::webp::vp8::test::test_avg3 ... ok
Nov 14 19:07:02 tarta cargo[31496]: test codecs::webp::vp8::test::test_edge_pixels ... ok
Nov 14 19:07:02 tarta cargo[31496]: test codecs::webp::vp8::test::test_predict_bhepred ... ok
Nov 14 19:07:03 tarta cargo[31496]: test codecs::webp::vp8::test::test_predict_bldpred ... ok
Nov 14 19:07:03 tarta cargo[31496]: test codecs::webp::vp8::test::test_predict_brdpred ... ok
Nov 14 19:07:03 tarta cargo[31496]: test codecs::webp::vp8::test::test_predict_bvepred ... ok
Nov 14 19:07:03 tarta cargo[31496]: test codecs::webp::vp8::test::test_top_pixels ... ok
Nov 14 19:07:03 tarta cargo[31496]: test color::tests::test_apply_with_alpha_bgr ... ok
Nov 14 19:07:03 tarta cargo[31496]: test color::tests::test_apply_with_alpha_bgra ... ok
Nov 14 19:07:04 tarta cargo[31496]: test color::tests::test_apply_with_alpha_rgb ... ok
Nov 14 19:07:04 tarta cargo[31496]: test color::tests::test_apply_with_alpha_rgba ... ok
Nov 14 19:07:04 tarta cargo[31496]: test color::tests::test_apply_without_alpha_bgr ... ok
Nov 14 19:07:04 tarta cargo[31496]: test color::tests::test_apply_without_alpha_bgra ... ok
Nov 14 19:07:04 tarta cargo[31496]: test color::tests::test_apply_without_alpha_rgb ... ok
Nov 14 19:07:04 tarta cargo[31496]: test color::tests::test_apply_without_alpha_rgba ... ok
Nov 14 19:07:05 tarta cargo[31496]: test color::tests::test_blend_luma_alpha ... ok
Nov 14 19:07:05 tarta cargo[31496]: test color::tests::test_blend_rgba ... ok
Nov 14 19:07:05 tarta cargo[31496]: test color::tests::test_lossless_conversions ... ok
Nov 14 19:07:05 tarta cargo[31496]: test color::tests::test_map_with_alpha_bgr ... ok
Nov 14 19:07:05 tarta cargo[31496]: test color::tests::test_map_with_alpha_bgra ... ok
Nov 14 19:07:06 tarta cargo[31496]: test color::tests::test_map_with_alpha_rgb ... ok
Nov 14 19:07:06 tarta cargo[31496]: test color::tests::test_map_with_alpha_rgba ... ok
Nov 14 19:07:06 tarta cargo[31496]: test color::tests::test_map_without_alpha_bgr ... ok
Nov 14 19:07:06 tarta cargo[31496]: test color::tests::test_map_without_alpha_bgra ... ok
Nov 14 19:07:06 tarta cargo[31496]: test color::tests::test_map_without_alpha_rgb ... ok
Nov 14 19:07:06 tarta cargo[31496]: test color::tests::test_map_without_alpha_rgba ... ok
Nov 14 19:07:08 tarta cargo[31496]: test dynimage::test::image_dimensions ... ok
Nov 14 19:08:16 tarta cargo[31496]: test dynimage::test::open_16bpc_png ... ok
Nov 14 19:08:16 tarta cargo[31496]: test dynimage::test::test_empty_file ... ok
Nov 14 19:08:16 tarta cargo[31496]: test error::tests::test_send_sync_stability ... ok
Nov 14 19:10:27 tarta cargo[31496]: test flat::tests::aliasing_view ... ok
Nov 14 19:10:27 tarta cargo[31496]: test flat::tests::image_buffer_conversion ... ok
Nov 14 19:10:27 tarta cargo[31496]: test flat::tests::mutable_view ... ok
Nov 14 19:10:27 tarta cargo[31496]: test flat::tests::normal_forms ... ok
Nov 14 19:10:29 tarta cargo[31496]: test image::tests::image_formats_are_recognized ... ok
Nov 14 19:10:29 tarta cargo[31496]: test image::tests::test_can_nest_views ... ok
Nov 14 19:10:29 tarta cargo[31496]: test image::tests::test_can_subimage_clone_nonmut ... ok
Nov 14 19:10:29 tarta cargo[31496]: test image::tests::test_generic_image_copy_within_bl ... ok
Nov 14 19:10:30 tarta cargo[31496]: test image::tests::test_generic_image_copy_within_br ... ok
Nov 14 19:10:30 tarta cargo[31496]: test image::tests::test_generic_image_copy_within_oob ... ok
Nov 14 19:10:30 tarta cargo[31496]: test image::tests::test_generic_image_copy_within_tl ... ok
Nov 14 19:10:30 tarta cargo[31496]: test image::tests::test_generic_image_copy_within_tr ... ok
Nov 14 19:10:30 tarta cargo[31496]: test image::tests::test_image_alpha_blending ... ok
Nov 14 19:10:31 tarta cargo[31496]: test image::tests::test_image_format_from_path ... ok
Nov 14 19:10:31 tarta cargo[31496]: test image::tests::test_in_bounds ... ok
Nov 14 19:10:35 tarta cargo[31496]: test image::tests::test_load_rect ... ok
Nov 14 19:10:35 tarta cargo[31496]: test imageops::affine::test::test_flip_horizontal ... ok
Nov 14 19:10:35 tarta cargo[31496]: test imageops::affine::test::test_flip_horizontal_in_place ... ok
Nov 14 19:10:36 tarta cargo[31496]: test imageops::affine::test::test_flip_vertical ... ok
Nov 14 19:10:36 tarta cargo[31496]: test imageops::affine::test::test_flip_vertical_in_place ... ok
Nov 14 19:10:36 tarta cargo[31496]: test imageops::affine::test::test_rotate180 ... ok
Nov 14 19:10:36 tarta cargo[31496]: test imageops::affine::test::test_rotate180_in_place ... ok
Nov 14 19:10:37 tarta cargo[31496]: test imageops::affine::test::test_rotate270 ... ok
Nov 14 19:10:37 tarta cargo[31496]: test imageops::affine::test::test_rotate90 ... ok
Nov 14 19:10:37 tarta cargo[31496]: test imageops::colorops::test::test_dither ... ok
                                    test imageops::sample::tests::test_issue_186 ... skipped
Nov 14 20:18:45 tarta cargo[9848]: test imageops::tests::test_image_coordinate_overflow ... ok
Nov 14 20:18:47 tarta cargo[9848]: test imageops::tests::test_image_horizontal_gradient_limits ... ok
Nov 14 20:18:48 tarta cargo[9848]: test imageops::tests::test_image_in_image ... ok
Nov 14 20:18:57 tarta cargo[9848]: test imageops::tests::test_image_in_image_outside_of_bounds ... ok
Nov 14 20:18:59 tarta cargo[9848]: test imageops::tests::test_image_outside_image_no_wrap_around ... ok
Nov 14 20:19:00 tarta cargo[9848]: test imageops::tests::test_image_vertical_gradient_limits ... ok
Nov 14 20:19:07 tarta cargo[9848]: test math::utils::test::resize_bounds_correctly_height ... ok
Nov 14 20:19:14 tarta cargo[9848]: test math::utils::test::resize_bounds_correctly_width ... ok
Nov 14 20:19:14 tarta cargo[9848]: test math::utils::test::resize_handles_fill ... ok
Nov 14 20:19:14 tarta cargo[9848]: test math::utils::test::resize_handles_overflow ... ok
Nov 14 20:19:15 tarta cargo[9848]: test utils::test::gray_to_luma8_skip ... ok
Nov 14 20:19:15 tarta cargo[9848]: test result: ok. 11 passed; 0 failed; 0 ignored; 0 measured; 126 filtered out
Nov 14 20:19:23 tarta cargo[9848]:      Running target/x86_64-unknown-linux-gnu/debug/deps/reference_images-d8ceb47829515b8c
Nov 14 20:19:23 tarta cargo[9848]: warning: use of deprecated associated function `image::DynamicImage::to_rgba`: replaced by `to_rgba8`
Nov 14 20:19:23 tarta cargo[9848]:   --> tests/reference_images.rs:49:28
Nov 14 20:19:23 tarta cargo[9848]:    |
Nov 14 20:19:23 tarta cargo[9848]: 49 |             Ok(img) => img.to_rgba(),
Nov 14 20:19:23 tarta cargo[9848]:    |                            ^^^^^^^
Nov 14 20:19:23 tarta cargo[9848]:    |
Nov 14 20:19:23 tarta cargo[9848]:    = note: `#[warn(deprecated)]` on by default
Nov 14 20:19:24 tarta cargo[9848]: warning: use of deprecated associated function `image::DynamicImage::to_rgba`: replaced by `to_rgba8`
Nov 14 20:19:24 tarta cargo[9848]:    --> tests/reference_images.rs:159:28
Nov 14 20:19:24 tarta cargo[9848]:     |
Nov 14 20:19:24 tarta cargo[9848]: 159 |             Ok(img) => img.to_rgba(),
Nov 14 20:19:24 tarta cargo[9848]:     |                            ^^^^^^^
Nov 14 20:19:24 tarta cargo[9848]: warning: use of deprecated associated function `image::DynamicImage::to_rgba`: replaced by `to_rgba8`
Nov 14 20:19:24 tarta cargo[9848]:    --> tests/reference_images.rs:260:52
Nov 14 20:19:24 tarta cargo[9848]:     |
Nov 14 20:19:24 tarta cargo[9848]: 260 |                     Ok(img) => test_img = Some(img.to_rgba()),
Nov 14 20:19:24 tarta cargo[9848]:     |                                                    ^^^^^^^
Nov 14 20:20:02 tarta cargo[9848]: running 4 tests
Nov 14 20:20:13 tarta cargo[9848]: test bad_bmps ... ok
Nov 14 20:20:24 tarta cargo[9848]: test check_hdr_references ... warning: thread support is experimental. For example, Miri does not detect data races yet.
Nov 14 21:54:30 tarta cargo[9848]: ok
                                   test check_references ... skipped
                                   test render_images ... skipped
                                   test jqeg_qualitys ... skipped
Nov 15 17:46:39 tarta cargo[11254]: test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 4 filtered out
Nov 15 17:46:40 tarta cargo[11254]:      Running target/x86_64-unknown-linux-gnu/debug/deps/save_jpeg-63ceb4a52bcb3705
Nov 15 17:47:01 tarta cargo[11254]: running 0 tests
Nov 15 17:47:01 tarta cargo[11254]: test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 1 filtered out
Nov 15 17:47:01 tarta cargo[11254]:      Running target/x86_64-unknown-linux-gnu/debug/deps/truncate_images-85dea5657e967dd4
Nov 15 17:48:32 tarta cargo[11254]: running 9 tests
Nov 15 17:48:32 tarta cargo[11254]: test truncate_bmp ... ignored
Nov 15 17:48:32 tarta cargo[11254]: test truncate_farbfeld ... ignored
Nov 15 17:48:32 tarta cargo[11254]: test truncate_gif ... ignored
Nov 15 17:48:32 tarta cargo[11254]: test truncate_hdr ... ignored
Nov 15 17:48:32 tarta cargo[11254]: test truncate_ico ... ignored
Nov 15 17:48:32 tarta cargo[11254]: test truncate_jpg ... ignored
Nov 15 17:48:33 tarta cargo[11254]: test truncate_png ... ignored
Nov 15 17:48:33 tarta cargo[11254]: test truncate_tga ... ignored
Nov 15 17:48:33 tarta cargo[11254]: test truncate_tiff ... ignored
Nov 15 17:48:33 tarta cargo[11254]: test result: ok. 0 passed; 0 failed; 9 ignored; 0 measured; 0 filtered out
Nov 15 17:48:35 tarta cargo[11254]:    Doc-tests image
Nov 15 17:48:35 tarta cargo[11254]: Running doctests is not currently supported by Miri.
Nov 15 17:48:35 tarta systemd[24223]: miri.service: Succeeded.

Raw log here, just in case.

The truncation tests took over 12 hours to compile and OOMed immediately, so they remain unchecked.

If there's anything else I can run miri on now or in future, I'm of course more than happy to.