DO NOT MERGE - scratchwork

maurer · maurer · commit 33ef5610317f · 2022-08-02T22:21:09.000-07:00
This shows how the base address, if it can be acquired, can be used to
call external C functions. There are numerous TODOs, including the big
one of coming up with a way to access the bytes address without the huge
hole punch I put in rustc.

This also requires that the bytes addresses in rustc become properly
aligned.

Double dereference passes, as do most tests. Of the few that remain,
some of them make questionable assumptions (which we might need some way
to retain or put behind an option for sanitization) like that it is
fundamentally possible for two allocations to end up next to each other
- this won't happen when we're using a real heap. The simd tests failing
  are concerning, but can be looked into.
diff --git a/src/intptrcast.rs b/src/intptrcast.rs
@@ -37,9 +37,6 @@ pub struct GlobalStateInner {
     /// Whether an allocation has been exposed or not. This cannot be put
     /// into `AllocExtra` for the same reason as `base_addr`.
     exposed: FxHashSet<AllocId>,
-    /// This is used as a memory address when a new pointer is casted to an integer. It
-    /// is always larger than any address that was previously made part of a block.
-    next_base_addr: u64,
     /// The provenance to use for int2ptr casts
     provenance_mode: ProvenanceMode,
 }
@@ -50,7 +47,6 @@ impl GlobalStateInner {
             int_to_ptr_map: Vec::default(),
             base_addr: FxHashMap::default(),
             exposed: FxHashSet::default(),
-            next_base_addr: STACK_ADDR,
             provenance_mode: config.provenance_mode,
         }
     }
@@ -157,6 +153,19 @@ impl<'mir, 'tcx> GlobalStateInner {
     }
 
     fn alloc_base_addr(ecx: &MiriEvalContext<'mir, 'tcx>, alloc_id: AllocId) -> u64 {
+        // TODO avoid hole punch
+        // TODO avoid bytes hole punch
+        // TODO avoid leaked address hack
+        let base_addr: u64 = match ecx.get_alloc_raw(alloc_id) {
+            Ok(ref alloc) => {
+                let temp = alloc.bytes.as_ptr() as u64;
+                assert!(temp % 16 == 0);
+                temp
+            }
+            // Grabbing u128 for max alignment
+            Err(_) => Box::leak(Box::new(0u128)) as *const u128 as u64,
+        };
+        // With our hack, base_addr should always be fully aligned
         let mut global_state = ecx.machine.intptrcast.borrow_mut();
         let global_state = &mut *global_state;
 
@@ -167,34 +176,22 @@ impl<'mir, 'tcx> GlobalStateInner {
                 // it became dangling.  Hence we allow dead allocations.
                 let (size, align, _kind) = ecx.get_alloc_info(alloc_id);
 
-                // This allocation does not have a base address yet, pick one.
-                // Leave some space to the previous allocation, to give it some chance to be less aligned.
-                let slack = {
-                    let mut rng = ecx.machine.rng.borrow_mut();
-                    // This means that `(global_state.next_base_addr + slack) % 16` is uniformly distributed.
-                    rng.gen_range(0..16)
-                };
-                // From next_base_addr + slack, round up to adjust for alignment.
-                let base_addr = global_state.next_base_addr.checked_add(slack).unwrap();
-                let base_addr = Self::align_addr(base_addr, align.bytes());
+                // This allocation does not have a base address yet, assign its bytes base.
                 entry.insert(base_addr);
                 trace!(
-                    "Assigning base address {:#x} to allocation {:?} (size: {}, align: {}, slack: {})",
+                    "Assigning base address {:#x} to allocation {:?} (size: {}, align: {})",
                     base_addr,
                     alloc_id,
                     size.bytes(),
                     align.bytes(),
-                    slack,
                 );
 
-                // Remember next base address.  If this allocation is zero-sized, leave a gap
-                // of at least 1 to avoid two allocations having the same base address.
-                // (The logic in `alloc_id_from_addr` assumes unique addresses, and different
-                // function/vtable pointers need to be distinguishable!)
-                global_state.next_base_addr = base_addr.checked_add(max(size.bytes(), 1)).unwrap();
-                // Given that `next_base_addr` increases in each allocation, pushing the
-                // corresponding tuple keeps `int_to_ptr_map` sorted
+                // TODO replace int_to_ptr_map's data structure, since even if we binary search for
+                // the insert location, the insertion is still linear (due to copies)
+                // I've done it the dumb obviously correct way for now.
+                global_state.int_to_ptr_map.retain(|&(ref a,_)| a != &base_addr);
                 global_state.int_to_ptr_map.push((base_addr, alloc_id));
+                global_state.int_to_ptr_map.sort();
 
                 base_addr
             }
diff --git a/src/shims/ffi_support.rs b/src/shims/ffi_support.rs
@@ -68,33 +68,15 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             TyKind::Uint(UintTy::Usize) => {
                 return Ok(CArg::USize(k.to_machine_usize(cx)?.try_into().unwrap()));
             }
-            // mut pointers
-            TyKind::RawPtr(TypeAndMut{ ty: some_ty, mutbl: rustc_hir::Mutability::Mut} ) => {
-                match some_ty.kind() {
-                    TyKind::Int(IntTy::I32) => {
-                        println!("REEEE i32 pointer ARG");
-                    },
-                    TyKind::RawPtr(TypeAndMut{ ty: some_ty, mutbl: rustc_hir::Mutability::Mut} ) => {
-                        match some_ty.kind() {
-                            TyKind::Int(IntTy::I32) => {
-                                println!("RECURSION BRO: **i32 arg");
-                                match k {
-                                    ScalarMaybeUninit::Scalar(Scalar::Ptr(ptr, sz)) => {
-                                        let (alloc_id, _, _) = cx.ptr_get_alloc_id(ptr.into())?;
-                                        let ree = cx.memory.alloc_map().get(alloc_id).unwrap().1.extra.real_pointer;//get_bytes_with_uninit_and_ptr(cx, fake_range).unwrap();
-                                        println!("{:?}", ree);
-                                        let inner_carg = CArg::ConstPtrUInt8(ree);
-                                        return Ok(CArg::RecMutPtrCarg(Box::new(inner_carg)));
-                                        // return Ok(CArg::USize(the_int.try_to_u64().unwrap().try_into().unwrap()));
-                                        // println!("{:?}", s.assert_int())
-                                    }, 
-                                    _ => {}
-                                }
-                            },
-                            _ => { }
-                        }
+            // pointers
+            TyKind::RawPtr(TypeAndMut{..} ) => {
+                match k {
+                    ScalarMaybeUninit::Scalar(Scalar::Ptr(ptr, sz)) => {
+                        let qq = ptr.into_parts().1.bytes_usize();
+                        // TODO select correct types rather than yoloing
+                        return Ok(CArg::RecConstPtrCarg(Box::new(CArg::ConstPtrInt32(qq as *const i32))))
                     }
-                    _ => { }
+                    _ => {}
                 }
             }
             _ => {}
diff --git a/tests/extern-so/libcode.version b/tests/extern-so/libcode.version
@@ -1,5 +1,6 @@
 CODEABI_1.0 {
-    global: *add_one_int*; 
+    global: *double_deref*;
+        *add_one_int*; 
         *printer*; 
         *test_stack_spill*; 
         *get_unsigned_int*; 
diff --git a/tests/extern-so/test.c b/tests/extern-so/test.c
@@ -1,5 +1,9 @@
 #include <stdio.h>
 
+int double_deref(const int **p) {
+  return **p;
+}
+
 int add_one_int(int x) {
   return 2 + x;
 }
diff --git a/tests/pass/extern-so/call_extern_c_fcts.rs b/tests/pass/extern-so/call_extern_c_fcts.rs
@@ -3,6 +3,7 @@
 //@compile-flags: -Zmiri-extern-so-file=tests/extern-so/libtestlib.so
 
 extern "C" {
+    fn double_deref(x: *const *const i32) -> i32;
     fn add_one_int(x: i32) -> i32;
     fn add_int16(x: i16) -> i16;
     fn test_stack_spill(
@@ -44,5 +45,10 @@ fn main() {
         // test void function that prints from C -- call it twice
         printer();
         printer();
+
+        let base: i32 = 42;
+        let base_p: *const i32 = &base as *const i32;
+        let base_pp: *const *const i32 = &base_p as *const *const i32;
+        assert_eq!(double_deref(base_pp), 42);
     }
 }
diff --git a/ui_test/src/lib.rs b/ui_test/src/lib.rs
@@ -624,8 +624,8 @@ pub enum Mode {
 
 impl Mode {
     fn ok(self, status: ExitStatus) -> Errors {
-        match (status.code().unwrap(), self) {
-            (1, Mode::Fail) | (101, Mode::Panic) | (0, Mode::Pass) => vec![],
+        match (status.code(), self) {
+            (Some(1), Mode::Fail) | (Some(101), Mode::Panic) | (Some(0), Mode::Pass) => vec![],
             _ => vec![Error::ExitStatus(self, status)],
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,9 @@`
`1`	`1`	`#include <stdio.h>`
`2`	`2`
	`3`	`+int double_deref(const int **p) {`
	`4`	`+ return **p;`
	`5`	`+}`
	`6`	`+`
`3`	`7`	`int add_one_int(int x) {`
`4`	`8`	`return 2 + x;`
`5`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -624,8 +624,8 @@ pub enum Mode {`
`624`	`624`
`625`	`625`	`impl Mode {`
`626`	`626`	`fn ok(self, status: ExitStatus) -> Errors {`
`627`		`- match (status.code().unwrap(), self) {`
`628`		`- (1, Mode::Fail) \| (101, Mode::Panic) \| (0, Mode::Pass) => vec![],`
	`627`	`+ match (status.code(), self) {`
	`628`	`+ (Some(1), Mode::Fail) \| (Some(101), Mode::Panic) \| (Some(0), Mode::Pass) => vec![],`
`629`	`629`	`_ => vec![Error::ExitStatus(self, status)],`
`630`	`630`	`}`
`631`	`631`	`}`