-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to flag uninitialized integers as UB #1340
Comments
Maybe this is something where we could just emit a warning (silenceable of course) by default? |
Yeah that also sounds good... but then we have three levels, allow/warn/deny, so it really seems like we should use the lint system.^^ That will also be much harder though, I imagined just having a machine hook that affects whether validation checks integers for being initialized (instead of doing that based on whether we are in "const mode"). |
seems good, too. If we make it configurable in miri via the command line, users can turn it off if it bothers them (or we start with opt-in) |
Looks like this is the place where the check would go |
Yes that is correct. |
While at it we should probably also mark ptr-to-int transmutes as UB (Cc rust-lang/unsafe-code-guidelines#286) |
I started working on this, but when I try to use my locally-built rustc with Miri, I get a strange error:
When I built rustc, it said that it built |
I don't know how to work with a locally built miri except by doing ./x.py test src/tools/miri It may be that we just don't properly support going the rustup toolchain link route |
@camelid have you followed the instructions at https://github.com/rust-lang/miri/blob/master/CONTRIBUTING.md#building-miri-with-a-locally-built-rustc ? Those are what I used for locally built rustc and they always worked for me (but it's been a few weeks sine I last tried this). |
Hm, actually I am always using stage 2, not stage 1. But you are the one who changed the instructions to recommend stage 1 instead of stage 2... are you saying that does not work any more? Should we revert bb59980? |
Yes, I'm almost done with a stage2 build to see if that fixes it. If that works, I was planning to also suggest we revert that commit :) |
Indeed, that fixed it. |
I'm not sure; I wonder if I had already built a full stage2 when I was testing it for that PR and so it didn't work then either. Bootstrapping stages are pretty confusing ;) |
Stage 2 seems to be required after all Reverts most of bb59980. See the discussion starting at #1340 (comment) for more.
miri: Detect uninitialized integers and floats Part of rust-lang/miri#1340. Companion Miri PR: rust-lang/miri#1904 r? `@RalfJung`
This is the last step in landing rust-lang/miri#1340!
Update Miri Fixes rust-lang#90763. This is the last step in landing rust-lang/miri#1340! r? `@RalfJung`
The good news is that the Rust libcore/liballoc test suites pass even with this flag. :) |
That doesn't sound correct to me, I know at least |
This option doesn't check behind references AFAIK, so it doesn't catch slices of uninit u8s. |
Yeah -- (a) I am not sure if we are hitting those codepaths (we are not running the std test suite, only core and alloc), and (b) validity is not checked recursively through references (see rust-lang/unsafe-code-guidelines#77). |
The reference currently states that this code is UB, but Miri deliberately accepts it:
The reason we accept it is that the lang-team is not sure if we really want this to be UB (also see rust-lang/unsafe-code-guidelines#71), so the conservative choice for the reference is to make it UB for now, but in Miri I fear this might lead to too many errors that people could consider false positives (even though by the letter of the reference they are true positives).
Still it could be interesting to see how much code (that Miri can run) actually fails when considering uninitialized integers UB, so having a flag in Miri to enable stricter checking would be interesting.
The text was updated successfully, but these errors were encountered: