Fix behavior of transmuting pointers

carbotaniuman · carbotaniuman · commit 66e995f769db · 2022-05-21T11:44:28.000-05:00
diff --git a/src/intptrcast.rs b/src/intptrcast.rs
@@ -48,7 +48,6 @@ impl<'mir, 'tcx> GlobalStateInner {
     // or `None` if the addr is out of bounds
     fn alloc_id_from_addr(ecx: &MiriEvalContext<'mir, 'tcx>, addr: u64) -> Option<AllocId> {
         let global_state = ecx.machine.intptrcast.borrow();
-        assert!(global_state.provenance_mode != ProvenanceMode::Strict);
 
         let pos = global_state.int_to_ptr_map.binary_search_by_key(&addr, |(addr, _)| *addr);
 
@@ -77,30 +76,43 @@ impl<'mir, 'tcx> GlobalStateInner {
             }
         }?;
 
-        match global_state.provenance_mode {
-            ProvenanceMode::Legacy => Some(alloc_id),
-            ProvenanceMode::Permissive if global_state.exposed.contains(&alloc_id) =>
-                Some(alloc_id),
-            _ => None,
+        // In legacy mode, we consider all allocations exposed.
+        if global_state.provenance_mode == ProvenanceMode::Legacy
+            || global_state.exposed.contains(&alloc_id)
+        {
+            Some(alloc_id)
+        } else {
+            None
         }
     }
 
     pub fn expose_addr(ecx: &MiriEvalContext<'mir, 'tcx>, alloc_id: AllocId) {
         trace!("Exposing allocation id {:?}", alloc_id);
 
         let mut global_state = ecx.machine.intptrcast.borrow_mut();
-        global_state.exposed.insert(alloc_id);
+        if global_state.provenance_mode == ProvenanceMode::Permissive {
+            global_state.exposed.insert(alloc_id);
+        }
     }
 
-    pub fn ptr_from_addr(ecx: &MiriEvalContext<'mir, 'tcx>, addr: u64) -> Pointer<Option<Tag>> {
+    pub fn ptr_from_addr_transmute(
+        ecx: &MiriEvalContext<'mir, 'tcx>,
+        addr: u64,
+    ) -> Pointer<Option<Tag>> {
         trace!("Transmuting 0x{:x} to a pointer", addr);
 
-        // TODO: fix this at some point once we deal with function pointers
-        // Pointer::new(None, Size::from_bytes(addr))
-        Self::ptr_from_casted_addr(ecx, addr)
+        let global_state = ecx.machine.intptrcast.borrow();
+
+        // In legacy mode, we have to support int2ptr transmutes,
+        // so just pretend they do the same thing as a cast.
+        if global_state.provenance_mode == ProvenanceMode::Legacy {
+            Self::ptr_from_addr_cast(ecx, addr)
+        } else {
+            Pointer::new(None, Size::from_bytes(addr))
+        }
     }
 
-    pub fn ptr_from_casted_addr(
+    pub fn ptr_from_addr_cast(
         ecx: &MiriEvalContext<'mir, 'tcx>,
         addr: u64,
     ) -> Pointer<Option<Tag>> {
diff --git a/src/machine.rs b/src/machine.rs
@@ -639,15 +639,15 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
         ecx: &MiriEvalContext<'mir, 'tcx>,
         addr: u64,
     ) -> Pointer<Option<Self::PointerTag>> {
-        intptrcast::GlobalStateInner::ptr_from_addr(ecx, addr)
+        intptrcast::GlobalStateInner::ptr_from_addr_cast(ecx, addr)
     }
 
     #[inline(always)]
     fn ptr_from_addr_transmute(
         ecx: &MiriEvalContext<'mir, 'tcx>,
         addr: u64,
     ) -> Pointer<Option<Self::PointerTag>> {
-        Self::ptr_from_addr_cast(ecx, addr)
+        intptrcast::GlobalStateInner::ptr_from_addr_transmute(ecx, addr)
     }
 
     #[inline(always)]
@@ -675,8 +675,7 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
     ) -> Option<(AllocId, Size, Self::TagExtra)> {
         let rel = intptrcast::GlobalStateInner::abs_ptr_to_rel(ecx, ptr);
 
-        let (tag, _) = ptr.into_parts();
-        let sb = match tag {
+        let sb = match ptr.provenance {
             Tag::Concrete(ConcreteTag { sb, .. }) => sb,
             Tag::Wildcard => SbTag::Untagged,
         };
diff --git a/tests/compile-fail/permissive_provenance_null.rs b/tests/compile-fail/permissive_provenance_null.rs
@@ -1,4 +1,4 @@
-// compile-flags: -Zmiri-permissive-provenance
+// compile-flags: -Zmiri-permissive-provenance -Zmiri-disable-stacked-borrows
 #![feature(strict_provenance)]
 
 use std::ptr;
@@ -9,6 +9,6 @@ fn main() {
     let x_usize = x_ptr.expose_addr();
 
     unsafe {
-        let _a = *ptr::from_exposed_addr::<i32>(0).with_addr(x_usize); //~ ERROR attempting a read access using
+        let _a = *ptr::from_exposed_addr::<i32>(0).with_addr(x_usize); //~ ERROR dereferencing pointer failed
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-// compile-flags: -Zmiri-permissive-provenance`
	`1`	`+// compile-flags: -Zmiri-permissive-provenance -Zmiri-disable-stacked-borrows`
`2`	`2`	`#![feature(strict_provenance)]`
`3`	`3`
`4`	`4`	`use std::ptr;`
`@@ -9,6 +9,6 @@ fn main() {`
`9`	`9`	`let x_usize = x_ptr.expose_addr();`
`10`	`10`
`11`	`11`	`unsafe {`
`12`		`- let _a = *ptr::from_exposed_addr::<i32>(0).with_addr(x_usize); //~ ERROR attempting a read access using`
	`12`	`+ let _a = *ptr::from_exposed_addr::<i32>(0).with_addr(x_usize); //~ ERROR dereferencing pointer failed`
`13`	`13`	`}`
`14`	`14`	`}`