miri: protect Move() function arguments during the call #113569
Conversation
test and fix return place alias restrictions
rustbot
added
S-waiting-on-review
|
The Miri subtree was changed cc @rust-lang/miri This PR changes MIR cc @oli-obk, @RalfJung, @JakobDegen, @davidtwco, @celinval, @vakaras Some changes occurred to the CTFE / Miri engine cc @rust-lang/miri Some changes occurred to MIR optimizations cc @rust-lang/wg-mir-opt |
This comment has been minimized.
This comment has been minimized.
|
Other than the pointer identity issue you mentioned I think this is everything we need to justify the current codegen of calls. |
| /// | ||
| /// These places need to be protected to make sure the program cannot tell whether the | ||
| /// argument/return value was actually copied or passed in-place.. | ||
| fn protect_in_place_function_argument( |
There was a problem hiding this comment.
I'm not happy with the name for this machine hook, since it is also used for return places ("output arguments"). Any suggestions?
Also I wonder if I should move the write_uninit out of this hook and into the place where it is called... can't imagine an implementation of this hook that wouldn't want to do write_uninit.
There was a problem hiding this comment.
It seems similarly fragile to have to repeat it at both call sites, so 🤷 I don't have a preference.
Arguments seems fine, it's a bit odd from the high level language perspective, but at the MIR level it all becomes a bit confusing anyway.
This comment has been minimized.
This comment has been minimized.
RalfJung
force-pushed
the
miri
branch
2 times, most recently
from
a266010 to
9a665af
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
That's some clippy failure which seems entirely unrelated to my PR? |
|
@bors r+ |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
|
Finished benchmarking commit (136dab6): comparison URL. Overall result: ❌ regressions - ACTION NEEDEDNext Steps: If you can justify the regressions found in this perf run, please indicate this with @rustbot label: +perf-regression Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 657.866s -> 657.918s (0.01%) |
|
This PR took ~3 hours to compile |
|
@Kobzol could that be some CI fluke? Seems unlikely that serde_derive does heavier CTFE things than our ctfe-stress test. |
|
Probably yes. @lqd tried it locally and didn't experience any timeouts. |
|
Yeah. It'd be good to keep an eye on the runtime of other PRs, in case something is up with the perf server. |
@rustbot label: +perf-regression-triaged |
rustbot
added
the
perf-regression-triaged
This gives
Moveoperands a meaning specific to function calls:Uninit, so looking at them again after the function returns, we cannot observe their contentsTurns out we can replace the existing "retag return place" hack with the exact same sort of protection on the return place, which is nicely symmetric.
Fixes #112564
Fixes rust-lang/miri#2927
This starts with a Miri rustc-push, since we'd otherwise conflict with a PR that recently landed in Miri.
(The "miri tree borrows" commit is an unrelated cleanup I noticed while doing the PR. I can remove it if you prefer.)
r? @oli-obk