handle rewrite

beepster4096 · beepster4096 · commit e9c2199f3ba3 · 2022-06-15T18:41:25.000-07:00
diff --git a/src/shims/windows/handle.rs b/src/shims/windows/handle.rs
@@ -12,37 +12,42 @@ enum RealHandle {
 }
 
 impl RealHandle {
-    fn discriminant(self) -> u64 {
+    const USABLE_BITS: u32 = 31;
+
+    fn discriminant(self) -> u32 {
         match self {
             // can't use zero here because all zero handle is invalid
             Self::Thread(_) => 1,
         }
     }
 
-    fn data(self) -> u64 {
+    fn data(self) -> u32 {
         match self {
-            Self::Thread(thread) => thread.to_u32() as u64,
+            Self::Thread(thread) => thread.to_u32(),
         }
     }
 
-    fn packed_disc_size() -> u64 {
-        (variant_count::<Self>().log2() + 1) as u64
+    fn packed_disc_size() -> u32 {
+        (variant_count::<Self>().log2() + 1)
+            .try_into()
+            .expect("this would require more than 2^4294967294 variants to overflow")
     }
 
-    fn to_packed(self, bits: u64) -> u64 {
-        // top bit and lower 2 bits need to be clear
-        let usable_bits = (bits - 3).min(32);
-
+    /// This function packs the discriminant and data values into a 31-bit space.
+    /// None of this layout is guaranteed to applications by Windows or Miri.
+    /// The sign bit is not used to avoid overlapping any pseudo-handles.
+    fn to_packed(self) -> i32 {
         let disc_size = Self::packed_disc_size();
-        let data_size = usable_bits - disc_size;
+        let data_size = Self::USABLE_BITS - disc_size;
 
         let discriminant = self.discriminant();
         let data = self.data();
 
-        assert!(discriminant < 2u64.pow(disc_size as u32));
-        assert!(data < 2u64.pow(data_size as u32));
+        // these assertions ensure the components avoid overlapping eachother and the sign bit
+        assert!(discriminant < 2u32.pow(disc_size));
+        assert!(data < 2u32.pow(data_size));
 
-        (discriminant << data_size | data) << 2
+        (discriminant << data_size | data) as i32
     }
 
     fn new(discriminant: u32, data: u32) -> Option<Self> {
@@ -52,67 +57,74 @@ impl RealHandle {
         }
     }
 
-    fn from_packed(handle: u64, bits: u64) -> Option<Self> {
-        let usable_bits = (bits - 3).min(32);
+    /// see docs for `to_packed`
+    fn from_packed(handle: i32) -> Option<Self> {
+        let handle_bits = handle as u32;
 
         let disc_size = Self::packed_disc_size();
-        let data_size = usable_bits - disc_size;
-        let data_mask = 2u64.pow(data_size as u32) - 1;
+        let data_size = Self::USABLE_BITS - disc_size;
+
+        // the lower `data_size` bits of this mask are 1
+        let data_mask = 2u32.pow(data_size) - 1;
 
-        let discriminant = handle >> data_size >> 2;
-        let data = handle >> 2 & data_mask;
+        let discriminant = handle_bits >> data_size;
+        let data = handle_bits & data_mask;
 
-        Self::new(discriminant.try_into().unwrap(), data.try_into().unwrap())
+        Self::new(discriminant, data)
     }
 }
 
 /// Miri representation of a Windows `HANDLE`
 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
 pub enum Handle {
     Null, // = 0
+
     // pseudo-handles
-    CurrentThread, // = -2
+    // The lowest pseudo-handle is -6, so miri pseduo-handles start at -7 to break code hardcoding these values
+    CurrentThread, // = -7
+
     // real handles
     Thread(ThreadId),
 }
 
 impl Handle {
-    fn to_packed(self, bits: u64) -> i64 {
+    fn to_packed(self) -> i32 {
         match self {
             Self::Null => 0,
-            Self::CurrentThread => -2,
-            Self::Thread(thread) => RealHandle::Thread(thread).to_packed(bits) as i64,
+            Self::CurrentThread => -7,
+            Self::Thread(thread) => RealHandle::Thread(thread).to_packed(),
         }
     }
 
     pub fn to_scalar(self, cx: &impl HasDataLayout) -> Scalar<Tag> {
-        let bits = cx.data_layout().pointer_size.bits();
-
-        let handle = self.to_packed(bits);
+        // 64-bit handles are sign extended 32-bit handles
+        // see https://docs.microsoft.com/en-us/windows/win32/winprog64/interprocess-communication
+        let handle = self.to_packed().into();
 
         Scalar::from_machine_isize(handle, cx)
     }
 
-    fn from_packed(handle: i64, bits: u64) -> Option<Self> {
+    fn from_packed(handle: i64) -> Option<Self> {
         if handle == 0 {
             Some(Self::Null)
-        } else if handle == -2 {
+        } else if handle == -7 {
             Some(Self::CurrentThread)
-        } else {
-            match RealHandle::from_packed(handle as u64, bits)? {
+        } else if let Ok(handle) = handle.try_into() {
+            match RealHandle::from_packed(handle)? {
                 RealHandle::Thread(id) => Some(Self::Thread(id)),
             }
+        } else {
+            // if a handle doesn't fit in an i32, it isn't valid.
+            None
         }
     }
 
     pub fn from_scalar<'tcx>(
         handle: Scalar<Tag>,
         cx: &impl HasDataLayout,
     ) -> InterpResult<'tcx, Option<Self>> {
-        let bits = cx.data_layout().pointer_size.bits();
-
         let handle = handle.to_machine_isize(cx)?;
 
-        Ok(Self::from_packed(handle, bits))
+        Ok(Self::from_packed(handle))
     }
 }
