avoid using unchecked casts or arithmetic

RalfJung · RalfJung · commit 8b6af3eacbeb · 2020-03-17T15:21:43.000+01:00
diff --git a/src/bin/miri.rs b/src/bin/miri.rs
@@ -259,7 +259,6 @@ fn main() {
     rustc_driver::install_ice_hook();
     let result = rustc_driver::catch_fatal_errors(move || {
         rustc_driver::run_compiler(&rustc_args, &mut MiriCompilerCalls { miri_config }, None, None)
-    })
-    .and_then(|result| result);
+    });
     std::process::exit(result.is_err() as i32);
 }
diff --git a/src/eval.rs b/src/eval.rs
@@ -1,6 +1,7 @@
 //! Main evaluator loop and setting up the initial stack frame.
 
 use std::ffi::OsStr;
+use std::convert::TryFrom;
 
 use rand::rngs::StdRng;
 use rand::SeedableRng;
@@ -101,25 +102,25 @@ pub fn create_ecx<'mir, 'tcx: 'mir>(
     // First argument: pointer to `main()`.
     let main_ptr = ecx.memory.create_fn_alloc(FnVal::Instance(main_instance));
     // Second argument (argc): length of `config.args`.
-    let argc = Scalar::from_uint(config.args.len() as u128, ecx.pointer_size());
+    let argc = Scalar::from_uint(u64::try_from(config.args.len()).unwrap(), ecx.pointer_size());
     // Third argument (`argv`): created from `config.args`.
     let argv = {
         // Put each argument in memory, collect pointers.
         let mut argvs = Vec::<Scalar<Tag>>::new();
         for arg in config.args.iter() {
             // Make space for `0` terminator.
-            let size = arg.len() as u64 + 1;
+            let size = u64::try_from(arg.len()).unwrap().checked_add(1).unwrap();
             let arg_type = tcx.mk_array(tcx.types.u8, size);
             let arg_place = ecx.allocate(ecx.layout_of(arg_type)?, MiriMemoryKind::Machine.into());
             ecx.write_os_str_to_c_str(OsStr::new(arg), arg_place.ptr, size)?;
             argvs.push(arg_place.ptr);
         }
         // Make an array with all these pointers, in the Miri memory.
         let argvs_layout =
-            ecx.layout_of(tcx.mk_array(tcx.mk_imm_ptr(tcx.types.u8), argvs.len() as u64))?;
+            ecx.layout_of(tcx.mk_array(tcx.mk_imm_ptr(tcx.types.u8), u64::try_from(argvs.len()).unwrap()))?;
         let argvs_place = ecx.allocate(argvs_layout, MiriMemoryKind::Machine.into());
         for (idx, arg) in argvs.into_iter().enumerate() {
-            let place = ecx.mplace_field(argvs_place, idx as u64)?;
+            let place = ecx.mplace_field(argvs_place, u64::try_from(idx).unwrap())?;
             ecx.write_scalar(arg, place.into())?;
         }
         ecx.memory.mark_immutable(argvs_place.ptr.assert_ptr().alloc_id)?;
@@ -153,13 +154,13 @@ pub fn create_ecx<'mir, 'tcx: 'mir>(
             cmd.push(std::char::from_u32(0).unwrap());
 
             let cmd_utf16: Vec<u16> = cmd.encode_utf16().collect();
-            let cmd_type = tcx.mk_array(tcx.types.u16, cmd_utf16.len() as u64);
+            let cmd_type = tcx.mk_array(tcx.types.u16, u64::try_from(cmd_utf16.len()).unwrap());
             let cmd_place = ecx.allocate(ecx.layout_of(cmd_type)?, MiriMemoryKind::Machine.into());
             ecx.machine.cmd_line = Some(cmd_place.ptr);
             // Store the UTF-16 string. We just allocated so we know the bounds are fine.
             let char_size = Size::from_bytes(2);
             for (idx, &c) in cmd_utf16.iter().enumerate() {
-                let place = ecx.mplace_field(cmd_place, idx as u64)?;
+                let place = ecx.mplace_field(cmd_place, u64::try_from(idx).unwrap())?;
                 ecx.write_scalar(Scalar::from_uint(c, char_size), place.into())?;
             }
         }
diff --git a/src/helpers.rs b/src/helpers.rs
@@ -1,5 +1,6 @@
 use std::ffi::OsStr;
 use std::{iter, mem};
+use std::convert::TryFrom;
 
 use rustc::mir;
 use rustc::ty::{
@@ -81,7 +82,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
     }
 
     /// Generate some random bytes, and write them to `dest`.
-    fn gen_random(&mut self, ptr: Scalar<Tag>, len: usize) -> InterpResult<'tcx> {
+    fn gen_random(&mut self, ptr: Scalar<Tag>, len: u64) -> InterpResult<'tcx> {
         // Some programs pass in a null pointer and a length of 0
         // to their platform's random-generation function (e.g. getrandom())
         // on Linux. For compatibility with these programs, we don't perform
@@ -92,7 +93,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         }
         let this = self.eval_context_mut();
 
-        let mut data = vec![0; len];
+        let mut data = vec![0; usize::try_from(len).unwrap()];
 
         if this.machine.communicate {
             // Fill the buffer using the host's rng.
@@ -499,7 +500,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         let bytes = os_str_to_bytes(os_str)?;
         // If `size` is smaller or equal than `bytes.len()`, writing `bytes` plus the required null
         // terminator to memory using the `ptr` pointer would cause an out-of-bounds access.
-        let string_length = bytes.len() as u64;
+        let string_length = u64::try_from(bytes.len()).unwrap();
         if size <= string_length {
             return Ok((false, string_length));
         }
@@ -514,7 +515,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         os_str: &OsStr,
         memkind: MemoryKind<MiriMemoryKind>,
     ) -> Pointer<Tag> {
-        let size = os_str.len() as u64 + 1; // Make space for `0` terminator.
+        let size = u64::try_from(os_str.len()).unwrap().checked_add(1).unwrap(); // Make space for `0` terminator.
         let this = self.eval_context_mut();
 
         let arg_type = this.tcx.mk_array(this.tcx.types.u8, size);
diff --git a/src/shims/dlsym.rs b/src/shims/dlsym.rs
@@ -37,7 +37,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             GetEntropy => {
                 let ptr = this.read_scalar(args[0])?.not_undef()?;
                 let len = this.read_scalar(args[1])?.to_machine_usize(this)?;
-                this.gen_random(ptr, len as usize)?;
+                this.gen_random(ptr, len)?;
                 this.write_null(dest)?;
             }
         }
diff --git a/src/shims/env.rs b/src/shims/env.rs
@@ -1,5 +1,6 @@
 use std::ffi::{OsString, OsStr};
 use std::env;
+use std::convert::TryFrom;
 
 use crate::stacked_borrows::Tag;
 use crate::rustc_target::abi::LayoutOf;
@@ -58,7 +59,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         Ok(match this.machine.env_vars.map.get(name) {
             // The offset is used to strip the "{name}=" part of the string.
             Some(var_ptr) => {
-                Scalar::from(var_ptr.offset(Size::from_bytes(name.len() as u64 + 1), this)?)
+                Scalar::from(var_ptr.offset(Size::from_bytes(u64::try_from(name.len()).unwrap().checked_add(1).unwrap()), this)?)
             }
             None => Scalar::ptr_null(&*this.tcx),
         })
@@ -181,10 +182,10 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         // Make an array with all these pointers inside Miri.
         let tcx = this.tcx;
         let vars_layout =
-            this.layout_of(tcx.mk_array(tcx.types.usize, vars.len() as u64))?;
+            this.layout_of(tcx.mk_array(tcx.types.usize, u64::try_from(vars.len()).unwrap()))?;
         let vars_place = this.allocate(vars_layout, MiriMemoryKind::Machine.into());
         for (idx, var) in vars.into_iter().enumerate() {
-            let place = this.mplace_field(vars_place, idx as u64)?;
+            let place = this.mplace_field(vars_place, u64::try_from(idx).unwrap())?;
             this.write_scalar(var, place.into())?;
         }
         this.write_scalar(
diff --git a/src/shims/foreign_items.rs b/src/shims/foreign_items.rs
@@ -1,7 +1,7 @@
 mod windows;
 mod posix;
 
-use std::{convert::TryInto, iter};
+use std::{convert::{TryInto, TryFrom}, iter};
 
 use rustc_hir::def_id::DefId;
 use rustc::mir;
@@ -250,7 +250,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                     MiriMemoryKind::Rust.into(),
                 );
                 // We just allocated this, the access is definitely in-bounds.
-                this.memory.write_bytes(ptr.into(), iter::repeat(0u8).take(size as usize)).unwrap();
+                this.memory.write_bytes(ptr.into(), iter::repeat(0u8).take(usize::try_from(size).unwrap())).unwrap();
                 this.write_scalar(ptr, dest)?;
             }
             "__rust_dealloc" => {
@@ -350,7 +350,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             "strlen" => {
                 let ptr = this.read_scalar(args[0])?.not_undef()?;
                 let n = this.memory.read_c_str(ptr)?.len();
-                this.write_scalar(Scalar::from_uint(n as u64, dest.layout.size), dest)?;
+                this.write_scalar(Scalar::from_uint(u64::try_from(n).unwrap(), dest.layout.size), dest)?;
             }
 
             // math functions
@@ -440,9 +440,9 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
 
                 // Saturating cast to i16. Even those are outside the valid exponent range to
                 // `scalbn` below will do its over/underflow handling.
-                let exp = if exp > i16::MAX as i32 {
+                let exp = if exp > i32::from(i16::MAX) {
                     i16::MAX
-                } else if exp < i16::MIN as i32 {
+                } else if exp < i32::from(i16::MIN) {
                     i16::MIN
                 } else {
                     exp.try_into().unwrap()
diff --git a/src/shims/foreign_items/posix.rs b/src/shims/foreign_items/posix.rs
@@ -1,6 +1,8 @@
 mod linux;
 mod macos;
 
+use std::convert::TryFrom;
+
 use crate::*;
 use rustc::mir;
 use rustc::ty::layout::{Align, LayoutOf, Size};
@@ -84,7 +86,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                         io::stderr().write(buf_cont)
                     };
                     match res {
-                        Ok(n) => n as i64,
+                        Ok(n) => i64::try_from(n).unwrap(),
                         Err(_) => -1,
                     }
                 } else {
diff --git a/src/shims/foreign_items/posix/linux.rs b/src/shims/foreign_items/posix/linux.rs
@@ -114,7 +114,7 @@ fn getrandom<'tcx>(
     // neither of which have any effect on our current PRNG.
     let _flags = this.read_scalar(args[2])?.to_i32()?;
 
-    this.gen_random(ptr, len as usize)?;
+    this.gen_random(ptr, len)?;
     this.write_scalar(Scalar::from_uint(len, dest.layout.size), dest)?;
     Ok(())
 }
diff --git a/src/shims/foreign_items/posix/macos.rs b/src/shims/foreign_items/posix/macos.rs
@@ -97,7 +97,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             "SecRandomCopyBytes" => {
                 let len = this.read_scalar(args[1])?.to_machine_usize(this)?;
                 let ptr = this.read_scalar(args[2])?.not_undef()?;
-                this.gen_random(ptr, len as usize)?;
+                this.gen_random(ptr, len)?;
                 this.write_null(dest)?;
             }
 
diff --git a/src/shims/foreign_items/windows.rs b/src/shims/foreign_items/windows.rs
@@ -165,12 +165,12 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                 this.write_scalar(Scalar::from_uint(key, dest.layout.size), dest)?;
             }
             "TlsGetValue" => {
-                let key = this.read_scalar(args[0])?.to_u32()? as u128;
+                let key = u128::from(this.read_scalar(args[0])?.to_u32()?);
                 let ptr = this.machine.tls.load_tls(key, tcx)?;
                 this.write_scalar(ptr, dest)?;
             }
             "TlsSetValue" => {
-                let key = this.read_scalar(args[0])?.to_u32()? as u128;
+                let key = u128::from(this.read_scalar(args[0])?.to_u32()?);
                 let new_ptr = this.read_scalar(args[1])?.not_undef()?;
                 this.machine.tls.store_tls(key, this.test_null(new_ptr)?)?;
 
@@ -197,7 +197,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             "SystemFunction036" => {
                 let ptr = this.read_scalar(args[0])?.not_undef()?;
                 let len = this.read_scalar(args[1])?.to_u32()?;
-                this.gen_random(ptr, len as usize)?;
+                this.gen_random(ptr, len.into())?;
                 this.write_scalar(Scalar::from_bool(true), dest)?;
             }
             // We don't support threading.
diff --git a/src/shims/fs.rs b/src/shims/fs.rs
@@ -10,7 +10,7 @@ use rustc::ty::layout::{Align, LayoutOf, Size};
 
 use crate::stacked_borrows::Tag;
 use crate::*;
-use helpers::immty_from_uint_checked;
+use helpers::{immty_from_int_checked, immty_from_uint_checked};
 use shims::time::system_time_to_duration;
 
 #[derive(Debug)]
@@ -56,7 +56,7 @@ impl FileHandler {
         let new_fd = candidate_new_fd.unwrap_or_else(|| {
             // find_map ran out of BTreeMap entries before finding a free fd, use one plus the
             // maximum fd in the map
-            self.handles.last_entry().map(|entry| entry.key() + 1).unwrap_or(min_fd)
+            self.handles.last_entry().map(|entry| entry.key().checked_add(1).unwrap()).unwrap_or(min_fd)
         });
 
         self.handles.insert(new_fd, file_handle).unwrap_none();
@@ -167,11 +167,11 @@ trait EvalContextExtPrivate<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, '
         match file_type {
             Ok(file_type) => {
                 if file_type.is_dir() {
-                    Ok(this.eval_libc("DT_DIR")?.to_u8()? as i32)
+                    Ok(this.eval_libc("DT_DIR")?.to_u8()?.into())
                 } else if file_type.is_file() {
-                    Ok(this.eval_libc("DT_REG")?.to_u8()? as i32)
+                    Ok(this.eval_libc("DT_REG")?.to_u8()?.into())
                 } else if file_type.is_symlink() {
-                    Ok(this.eval_libc("DT_LNK")?.to_u8()? as i32)
+                    Ok(this.eval_libc("DT_LNK")?.to_u8()?.into())
                 } else {
                     // Certain file types are only supported when the host is a Unix system.
                     // (i.e. devices and sockets) If it is, check those cases, if not, fall back to
@@ -181,19 +181,19 @@ trait EvalContextExtPrivate<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, '
                     {
                         use std::os::unix::fs::FileTypeExt;
                         if file_type.is_block_device() {
-                            Ok(this.eval_libc("DT_BLK")?.to_u8()? as i32)
+                            Ok(this.eval_libc("DT_BLK")?.to_u8()?.into())
                         } else if file_type.is_char_device() {
-                            Ok(this.eval_libc("DT_CHR")?.to_u8()? as i32)
+                            Ok(this.eval_libc("DT_CHR")?.to_u8()?.into())
                         } else if file_type.is_fifo() {
-                            Ok(this.eval_libc("DT_FIFO")?.to_u8()? as i32)
+                            Ok(this.eval_libc("DT_FIFO")?.to_u8()?.into())
                         } else if file_type.is_socket() {
-                            Ok(this.eval_libc("DT_SOCK")?.to_u8()? as i32)
+                            Ok(this.eval_libc("DT_SOCK")?.to_u8()?.into())
                         } else {
-                            Ok(this.eval_libc("DT_UNKNOWN")?.to_u8()? as i32)
+                            Ok(this.eval_libc("DT_UNKNOWN")?.to_u8()?.into())
                         }
                     }
                     #[cfg(not(unix))]
-                    Ok(this.eval_libc("DT_UNKNOWN")?.to_u8()? as i32)
+                    Ok(this.eval_libc("DT_UNKNOWN")?.to_u8()?.into())
                 }
             }
             Err(e) => return match e.raw_os_error() {
@@ -507,7 +507,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         let whence = this.read_scalar(whence_op)?.to_i32()?;
 
         let seek_from = if whence == this.eval_libc_i32("SEEK_SET")? {
-            SeekFrom::Start(offset as u64)
+            SeekFrom::Start(u64::try_from(offset).unwrap())
         } else if whence == this.eval_libc_i32("SEEK_CUR")? {
             SeekFrom::Current(offset)
         } else if whence == this.eval_libc_i32("SEEK_END")? {
@@ -519,7 +519,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         };
 
         if let Some(FileHandle { file, writable: _ }) = this.machine.file_handler.handles.get_mut(&fd) {
-            let result = file.seek(seek_from).map(|offset| offset as i64);
+            let result = file.seek(seek_from).map(|offset| i64::try_from(offset).unwrap());
             this.try_unwrap_io_result(result)
         } else {
             this.handle_not_found()
@@ -810,7 +810,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         this.check_no_isolation("mkdir")?;
 
         let _mode = if this.tcx.sess.target.target.target_os.as_str() == "macos" {
-            this.read_scalar(mode_op)?.not_undef()?.to_u16()? as u32
+            u32::from(this.read_scalar(mode_op)?.not_undef()?.to_u16()?)
         } else {
             this.read_scalar(mode_op)?.to_u32()?
         };
@@ -929,13 +929,13 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                 #[cfg(not(unix))]
                 let ino = 0u64;
 
-                let file_type = this.file_type_to_d_type(dir_entry.file_type())? as u128;
+                let file_type = this.file_type_to_d_type(dir_entry.file_type())?;
 
                 let imms = [
                     immty_from_uint_checked(ino, ino64_t_layout)?, // d_ino
                     immty_from_uint_checked(0u128, off64_t_layout)?, // d_off
                     immty_from_uint_checked(0u128, c_ushort_layout)?, // d_reclen
-                    immty_from_uint_checked(file_type, c_uchar_layout)?, // d_type
+                    immty_from_int_checked(file_type, c_uchar_layout)?, // d_type
                 ];
                 this.write_packed_immediates(entry_place, &imms)?;
 
@@ -1017,14 +1017,14 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                 #[cfg(not(unix))]
                 let ino = 0u64;
 
-                let file_type = this.file_type_to_d_type(dir_entry.file_type())? as u128;
+                let file_type = this.file_type_to_d_type(dir_entry.file_type())?;
 
                 let imms = [
                     immty_from_uint_checked(ino, ino_t_layout)?, // d_ino
                     immty_from_uint_checked(0u128, off_t_layout)?, // d_seekoff
                     immty_from_uint_checked(0u128, c_ushort_layout)?, // d_reclen
                     immty_from_uint_checked(file_name_len, c_ushort_layout)?, // d_namlen
-                    immty_from_uint_checked(file_type, c_uchar_layout)?, // d_type
+                    immty_from_int_checked(file_type, c_uchar_layout)?, // d_type
                 ];
                 this.write_packed_immediates(entry_place, &imms)?;
 
diff --git a/src/shims/intrinsics.rs b/src/shims/intrinsics.rs
diff --git a/src/shims/mod.rs b/src/shims/mod.rs
diff --git a/src/shims/time.rs b/src/shims/time.rs

Original file line number	Diff line number	Diff line change
`@@ -259,7 +259,6 @@ fn main() {`
`259`	`259`	`rustc_driver::install_ice_hook();`
`260`	`260`	`let result = rustc_driver::catch_fatal_errors(move \|\| {`
`261`	`261`	`rustc_driver::run_compiler(&rustc_args, &mut MiriCompilerCalls { miri_config }, None, None)`
`262`		`- })`
`263`		`- .and_then(\|result\| result);`
	`262`	`+ });`
`264`	`263`	`std::process::exit(result.is_err() as i32);`
`265`	`264`	`}`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx`
`37`	`37`	`GetEntropy => {`
`38`	`38`	`let ptr = this.read_scalar(args[0])?.not_undef()?;`
`39`	`39`	`let len = this.read_scalar(args[1])?.to_machine_usize(this)?;`
`40`		`- this.gen_random(ptr, len as usize)?;`
	`40`	`+ this.gen_random(ptr, len)?;`
`41`	`41`	`this.write_null(dest)?;`
`42`	`42`	`}`
`43`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ fn getrandom<'tcx>(`
`114`	`114`	`// neither of which have any effect on our current PRNG.`
`115`	`115`	`let _flags = this.read_scalar(args[2])?.to_i32()?;`
`116`	`116`
`117`		`- this.gen_random(ptr, len as usize)?;`
	`117`	`+ this.gen_random(ptr, len)?;`
`118`	`118`	`this.write_scalar(Scalar::from_uint(len, dest.layout.size), dest)?;`
`119`	`119`	`Ok(())`
`120`	`120`	`}`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx`
`97`	`97`	`"SecRandomCopyBytes" => {`
`98`	`98`	`let len = this.read_scalar(args[1])?.to_machine_usize(this)?;`
`99`	`99`	`let ptr = this.read_scalar(args[2])?.not_undef()?;`
`100`		`- this.gen_random(ptr, len as usize)?;`
	`100`	`+ this.gen_random(ptr, len)?;`
`101`	`101`	`this.write_null(dest)?;`
`102`	`102`	`}`
`103`	`103`