Fix Miri failure with -Zmiri-tag-raw-pointers #1138
Conversation
👍 For me, it found useful results in heavy-on-unsafe projects and doing it should be as simple as - uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly
override: true
components: miri, rust-src
- uses: actions-rs/cargo@v1
with:
command: miri
args: setup
- uses: actions-rs/cargo@v1
with:
command: miri
args: test |
|
though I tend to run with more strict flags than miri's default, so you'll need to set some enviroment variables. https://github.com/rust-lang/miri I use tag-raw-pointers, check-number-validity. and for rustc there is rust-lang/rust#87868 -Zrandomize_layout I'd suggest running tests with all 3 of those set. Stacked borrows and uninit ints being UB are up in the air, the latter seems likely and the former, not sure. |
|
I've looked at adding MIRI to ci before and would like to have it. Don't remember what the holdups have been. For one thing, MIRI is too slow to finish on time so it needs to be a reduced set of tests? Thanks for the report and thanks for the fix! The error and fix make a lot of sense. |
|
Miri is rather slow, so you might need to either skip or reduce the size of some tests when running in miri. I wouldn't do that until specific tests are shown to take far too long though. There's also a fair few API's being unsupported, but I'm assuming ndarray doesn't use much of the stdlib (as opposed to alloc/core), so that shouldn't be an issue. |
|
We can merge to the 0.15.x branch and make another release on there, if you think it's merited? 0.16 is likely to be in development for a bit |
I doubt there's much risk of this leading to broken code with the current compiler, but it would be nice to fix it now just in case. Also, it seems like people are slow to update to newer versions of |
|
By the way, there's still miri failures on this PR, not sure if you wanted to fix them in PRs one by one or go for all of them at a time. Next error is |
|
sounds good, I could also plan to do it if you wouldn't have time. we can plan the release to whenever we have multiple fixes batched up then. |
|
I took a look at some of the other errors. The error in |
Before this commit, running `MIRIFLAGS="-Zmiri-tag-raw-pointers" cargo
miri test test_map_axis` caused Miri to report undefined behavior in
the `test_map_axis` test. This commit fixes the underlying issue.
Basically, Miri doesn't like us using a reference to an element to
access other elements. Here's some sample code to illustrate the
issue:
```rust
let a: Vec<i32> = vec![5, 6];
let first_elt: &i32 = &a[0];
let ptr: *const i32 = first_elt as *const i32;
// Okay: the data is contained in the data referenced by `first_elt`.
let a0 = unsafe { &*ptr.offset(0) };
assert_eq!(*a0, 5);
// Not okay: the data is not contained in the data referenced by `first_elt`.
let a1 = unsafe { &*ptr.offset(1) };
assert_eq!(*a1, 6);
```
Before this commit, we were using `self.index_axis(axis,
0).map(|first_elt| ...)` to create views of the lanes, from references
to the first elements in the lanes. Accessing elements within those
views (other than the first element) led to the Miri error, since the
view's pointer was derived from a reference to a single element.
Thanks to @5225225 for reporting the issue. (This commit fixes rust-ndarray#1137.)
Before this PR, running
MIRIFLAGS="-Zmiri-tag-raw-pointers" cargo miri test test_map_axiscaused Miri to report undefined behavior in thetest_map_axistest. This PR fixes the underlying issue. Basically, Miri doesn't like us using a reference to an element to access other elements. Here's some sample code to illustrate the issue:Before this commit, we were using
self.index_axis(axis, 0).map(|first_elt| ...)to create views of the lanes, from references to the first elements in the lanes. Accessing elements within those views (other than the first element) led to the Miri error, since the view's pointer was derived from a reference to a single element.Thanks to @5225225 for reporting the issue. (This PR fixes #1137.)
Should we add Miri to CI?