properly track why we checked whether a pointer is in-bounds

RalfJung · RalfJung · commit edf0b25503ea · 2023-08-01T17:57:13.000+02:00
also simplify the in-bounds checking in Miri's borrow trackers
diff --git a/src/borrow_tracker/stacked_borrows/mod.rs b/src/borrow_tracker/stacked_borrows/mod.rs
@@ -18,7 +18,7 @@ use rustc_middle::ty::{
     layout::{HasParamEnv, LayoutOf},
     Ty,
 };
-use rustc_target::abi::{Abi, Size};
+use rustc_target::abi::{Abi, Align, Size};
 
 use crate::borrow_tracker::{
     stacked_borrows::diagnostics::{AllocHistory, DiagnosticCx, DiagnosticCxBuilder},
@@ -619,6 +619,8 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
         retag_info: RetagInfo, // diagnostics info about this retag
     ) -> InterpResult<'tcx, Option<AllocId>> {
         let this = self.eval_context_mut();
+        // Ensure we bail out if the pointer goes out-of-bounds (see miri#1050).
+        this.check_ptr_access_align(place.ptr, size, Align::ONE, CheckInAllocMsg::InboundsTest)?;
 
         // It is crucial that this gets called on all code paths, to ensure we track tag creation.
         let log_creation = |this: &MiriInterpCx<'mir, 'tcx>,
@@ -707,18 +709,6 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
         let (alloc_id, base_offset, orig_tag) = this.ptr_get_alloc_id(place.ptr)?;
         log_creation(this, Some((alloc_id, base_offset, orig_tag)))?;
 
-        // Ensure we bail out if the pointer goes out-of-bounds (see miri#1050).
-        let (alloc_size, _) = this.get_live_alloc_size_and_align(alloc_id)?;
-        if base_offset + size > alloc_size {
-            throw_ub!(PointerOutOfBounds {
-                alloc_id,
-                alloc_size,
-                ptr_offset: this.target_usize_to_isize(base_offset.bytes()),
-                ptr_size: size,
-                msg: CheckInAllocMsg::InboundsTest
-            });
-        }
-
         trace!(
             "reborrow: reference {:?} derived from {:?} (pointee {}): {:?}, size {}",
             new_tag,
diff --git a/src/borrow_tracker/tree_borrows/mod.rs b/src/borrow_tracker/tree_borrows/mod.rs
@@ -1,6 +1,6 @@
 use log::trace;
 
-use rustc_target::abi::{Abi, Size};
+use rustc_target::abi::{Abi, Align, Size};
 
 use crate::borrow_tracker::{AccessKind, GlobalStateInner, ProtectorKind, RetagFields};
 use rustc_middle::{
@@ -182,6 +182,8 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
         new_tag: BorTag,
     ) -> InterpResult<'tcx, Option<(AllocId, BorTag)>> {
         let this = self.eval_context_mut();
+        // Ensure we bail out if the pointer goes out-of-bounds (see miri#1050).
+        this.check_ptr_access_align(place.ptr, ptr_size, Align::ONE, CheckInAllocMsg::InboundsTest)?;
 
         // It is crucial that this gets called on all code paths, to ensure we track tag creation.
         let log_creation = |this: &MiriInterpCx<'mir, 'tcx>,
@@ -202,51 +204,33 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
         };
 
         trace!("Reborrow of size {:?}", ptr_size);
-        let (alloc_id, base_offset, parent_prov) = if ptr_size > Size::ZERO {
-            this.ptr_get_alloc_id(place.ptr)?
-        } else {
-            match this.ptr_try_get_alloc_id(place.ptr) {
-                Ok(data) => data,
-                Err(_) => {
-                    // This pointer doesn't come with an AllocId, so there's no
-                    // memory to do retagging in.
-                    trace!(
-                        "reborrow of size 0: reference {:?} derived from {:?} (pointee {})",
-                        new_tag,
-                        place.ptr,
-                        place.layout.ty,
-                    );
-                    log_creation(this, None)?;
-                    return Ok(None);
-                }
+        let (alloc_id, base_offset, parent_prov) = match this.ptr_try_get_alloc_id(place.ptr) {
+            Ok(data) => {
+                // Unlike SB, we *do* a proper retag for size 0 if can identify the allocation.
+                // After all, the pointer may be lazily initialized outside this initial range.
+                data
+            },
+            Err(_) => {
+                assert_eq!(ptr_size, Size::ZERO); // we did the deref check above, size has to be 0 here
+                // This pointer doesn't come with an AllocId, so there's no
+                // memory to do retagging in.
+                trace!(
+                    "reborrow of size 0: reference {:?} derived from {:?} (pointee {})",
+                    new_tag,
+                    place.ptr,
+                    place.layout.ty,
+                );
+                log_creation(this, None)?;
+                return Ok(None);
             }
         };
+        log_creation(this, Some((alloc_id, base_offset, parent_prov)))?;
+
         let orig_tag = match parent_prov {
             ProvenanceExtra::Wildcard => return Ok(None), // TODO: handle wildcard pointers
             ProvenanceExtra::Concrete(tag) => tag,
         };
 
-        // Protection against trying to get a reference to a vtable:
-        // vtables do not have an alloc_extra so the call to
-        // `get_alloc_extra` that follows fails.
-        let (alloc_size, _align, alloc_kind) = this.get_alloc_info(alloc_id);
-        if ptr_size == Size::ZERO && !matches!(alloc_kind, AllocKind::LiveData) {
-            return Ok(Some((alloc_id, orig_tag)));
-        }
-
-        log_creation(this, Some((alloc_id, base_offset, parent_prov)))?;
-
-        // Ensure we bail out if the pointer goes out-of-bounds (see miri#1050).
-        if base_offset + ptr_size > alloc_size {
-            throw_ub!(PointerOutOfBounds {
-                alloc_id,
-                alloc_size,
-                ptr_offset: this.target_usize_to_isize(base_offset.bytes()),
-                ptr_size,
-                msg: CheckInAllocMsg::InboundsTest
-            });
-        }
-
         trace!(
             "reborrow: reference {:?} derived from {:?} (pointee {}): {:?}, size {}",
             new_tag,
diff --git a/tests/fail/alloc/deallocate-twice.rs b/tests/fail/alloc/deallocate-twice.rs
@@ -1,6 +1,6 @@
 use std::alloc::{alloc, dealloc, Layout};
 
-//@error-in-other-file: dereferenced after this allocation got freed
+//@error-in-other-file: has been freed
 
 fn main() {
     unsafe {
diff --git a/tests/fail/alloc/deallocate-twice.stderr b/tests/fail/alloc/deallocate-twice.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: memory access failed: ALLOC has been freed, so this pointer is dangling
   --> RUSTLIB/alloc/src/alloc.rs:LL:CC
    |
 LL |     unsafe { __rust_dealloc(ptr, layout.size(), layout.align()) }
-   |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ memory access failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/alloc/reallocate-change-alloc.rs b/tests/fail/alloc/reallocate-change-alloc.rs
@@ -4,6 +4,6 @@ fn main() {
     unsafe {
         let x = alloc(Layout::from_size_align_unchecked(1, 1));
         let _y = realloc(x, Layout::from_size_align_unchecked(1, 1), 1);
-        let _z = *x; //~ ERROR: dereferenced after this allocation got freed
+        let _z = *x; //~ ERROR: has been freed
     }
 }
diff --git a/tests/fail/alloc/reallocate-change-alloc.stderr b/tests/fail/alloc/reallocate-change-alloc.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/reallocate-change-alloc.rs:LL:CC
    |
 LL |         let _z = *x;
-   |                  ^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                  ^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/alloc/reallocate-dangling.rs b/tests/fail/alloc/reallocate-dangling.rs
@@ -1,6 +1,6 @@
 use std::alloc::{alloc, dealloc, realloc, Layout};
 
-//@error-in-other-file: dereferenced after this allocation got freed
+//@error-in-other-file: has been freed
 
 fn main() {
     unsafe {
diff --git a/tests/fail/alloc/reallocate-dangling.stderr b/tests/fail/alloc/reallocate-dangling.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: memory access failed: ALLOC has been freed, so this pointer is dangling
   --> RUSTLIB/alloc/src/alloc.rs:LL:CC
    |
 LL |     unsafe { __rust_realloc(ptr, layout.size(), layout.align(), new_size) }
-   |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ memory access failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/concurrency/thread_local_static_dealloc.rs b/tests/fail/concurrency/thread_local_static_dealloc.rs
@@ -11,6 +11,6 @@ unsafe impl Send for SendRaw {}
 fn main() {
     unsafe {
         let dangling_ptr = std::thread::spawn(|| SendRaw(&TLS as *const u8)).join().unwrap();
-        let _val = *dangling_ptr.0; //~ ERROR: dereferenced after this allocation got freed
+        let _val = *dangling_ptr.0; //~ ERROR: has been freed
     }
 }
diff --git a/tests/fail/concurrency/thread_local_static_dealloc.stderr b/tests/fail/concurrency/thread_local_static_dealloc.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/thread_local_static_dealloc.rs:LL:CC
    |
 LL |         let _val = *dangling_ptr.0;
-   |                    ^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                    ^^^^^^^^^^^^^^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/dangling_pointers/dangling_pointer_addr_of.rs b/tests/fail/dangling_pointers/dangling_pointer_addr_of.rs
@@ -7,6 +7,6 @@ fn main() {
         let b = Box::new(42);
         &*b as *const i32
     };
-    let x = unsafe { ptr::addr_of!(*p) }; //~ ERROR: dereferenced after this allocation got freed
+    let x = unsafe { ptr::addr_of!(*p) }; //~ ERROR: has been freed
     panic!("this should never print: {:?}", x);
 }
diff --git a/tests/fail/dangling_pointers/dangling_pointer_addr_of.stderr b/tests/fail/dangling_pointers/dangling_pointer_addr_of.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/dangling_pointer_addr_of.rs:LL:CC
    |
 LL |     let x = unsafe { ptr::addr_of!(*p) };
-   |                      ^^^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                      ^^^^^^^^^^^^^^^^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/dangling_pointers/dangling_pointer_deref.rs b/tests/fail/dangling_pointers/dangling_pointer_deref.rs
@@ -6,6 +6,6 @@ fn main() {
         let b = Box::new(42);
         &*b as *const i32
     };
-    let x = unsafe { *p }; //~ ERROR: dereferenced after this allocation got freed
+    let x = unsafe { *p }; //~ ERROR: has been freed
     panic!("this should never print: {}", x);
 }
diff --git a/tests/fail/dangling_pointers/dangling_pointer_deref.stderr b/tests/fail/dangling_pointers/dangling_pointer_deref.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/dangling_pointer_deref.rs:LL:CC
    |
 LL |     let x = unsafe { *p };
-   |                      ^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                      ^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/dangling_pointers/dangling_pointer_offset.rs b/tests/fail/dangling_pointers/dangling_pointer_offset.rs
@@ -0,0 +1,11 @@
+// Make sure we find these even with many checks disabled.
+//@compile-flags: -Zmiri-disable-alignment-check -Zmiri-disable-stacked-borrows -Zmiri-disable-validation
+
+fn main() {
+    let p = {
+        let b = Box::new(42);
+        &*b as *const i32
+    };
+    let x = unsafe { p.offset(42) }; //~ ERROR: /out-of-bounds pointer arithmetic: .* has been freed/
+    panic!("this should never print: {:?}", x);
+}
diff --git a/tests/fail/dangling_pointers/dangling_pointer_offset.stderr b/tests/fail/dangling_pointers/dangling_pointer_offset.stderr
@@ -0,0 +1,15 @@
+error: Undefined Behavior: out-of-bounds pointer arithmetic: ALLOC has been freed, so this pointer is dangling
+  --> $DIR/dangling_pointer_offset.rs:LL:CC
+   |
+LL |     let x = unsafe { p.offset(42) };
+   |                      ^^^^^^^^^^^^ out-of-bounds pointer arithmetic: ALLOC has been freed, so this pointer is dangling
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+   = note: BACKTRACE:
+   = note: inside `main` at $DIR/dangling_pointer_offset.rs:LL:CC
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to previous error
+
diff --git a/tests/fail/dangling_pointers/dangling_pointer_project_underscore.rs b/tests/fail/dangling_pointers/dangling_pointer_project_underscore.rs
@@ -7,7 +7,7 @@ fn main() {
         &*b as *const i32
     };
     unsafe {
-        let _ = *p; //~ ERROR: dereferenced after this allocation got freed
+        let _ = *p; //~ ERROR: has been freed
     }
     panic!("this should never print");
 }
diff --git a/tests/fail/dangling_pointers/dangling_pointer_project_underscore.stderr b/tests/fail/dangling_pointers/dangling_pointer_project_underscore.stderr
@@ -1,13 +1,13 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
-  --> $DIR/dangling_pointer_deref_underscore.rs:LL:CC
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
+  --> $DIR/dangling_pointer_project_underscore.rs:LL:CC
    |
 LL |         let _ = *p;
-   |                 ^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                 ^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
-   = note: inside `main` at $DIR/dangling_pointer_deref_underscore.rs:LL:CC
+   = note: inside `main` at $DIR/dangling_pointer_project_underscore.rs:LL:CC
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
diff --git a/tests/fail/dangling_pointers/dangling_zst_deref.rs b/tests/fail/dangling_pointers/dangling_zst_deref.rs
@@ -6,5 +6,5 @@ fn main() {
         let b = Box::new(42);
         &*b as *const i32 as *const ()
     };
-    let _x = unsafe { *p }; //~ ERROR: dereferenced after this allocation got freed
+    let _x = unsafe { *p }; //~ ERROR: has been freed
 }
diff --git a/tests/fail/dangling_pointers/dangling_zst_deref.stderr b/tests/fail/dangling_pointers/dangling_zst_deref.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/dangling_zst_deref.rs:LL:CC
    |
 LL |     let _x = unsafe { *p };
-   |                       ^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                       ^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/dangling_pointers/stack_temporary.rs b/tests/fail/dangling_pointers/stack_temporary.rs
@@ -8,7 +8,7 @@ unsafe fn make_ref<'a>(x: *mut i32) -> &'a mut i32 {
 fn main() {
     unsafe {
         let x = make_ref(&mut 0); // The temporary storing "0" is deallocated at the ";"!
-        let val = *x; //~ ERROR: dereferenced after this allocation got freed
+        let val = *x; //~ ERROR: has been freed
         println!("{}", val);
     }
 }
diff --git a/tests/fail/dangling_pointers/stack_temporary.stderr b/tests/fail/dangling_pointers/stack_temporary.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/stack_temporary.rs:LL:CC
    |
 LL |         let val = *x;
-   |                   ^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                   ^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/data_race/dealloc_read_race2.rs b/tests/fail/data_race/dealloc_read_race2.rs
@@ -32,7 +32,7 @@ pub fn main() {
             let ptr = ptr; // avoid field capturing
             // Also an error of the form: Data race detected between (1) Deallocate on thread `<unnamed>` and (2) Read on thread `<unnamed>`
             // but the invalid allocation is detected first.
-            *ptr.0 //~ ERROR: dereferenced after this allocation got freed
+            *ptr.0 //~ ERROR: has been freed
         });
 
         j1.join().unwrap();
diff --git a/tests/fail/data_race/dealloc_read_race2.stderr b/tests/fail/data_race/dealloc_read_race2.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/dealloc_read_race2.rs:LL:CC
    |
 LL |             *ptr.0
-   |             ^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |             ^^^^^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/data_race/dealloc_write_race2.rs b/tests/fail/data_race/dealloc_write_race2.rs
@@ -31,7 +31,7 @@ pub fn main() {
             let ptr = ptr; // avoid field capturing
             // Also an error of the form: Data race detected between (1) Deallocate on thread `<unnamed>` and (2) Write on thread `<unnamed>`
             // but the invalid allocation is detected first.
-            *ptr.0 = 2; //~ ERROR: dereferenced after this allocation got freed
+            *ptr.0 = 2; //~ ERROR: has been freed
         });
 
         j1.join().unwrap();
diff --git a/tests/fail/data_race/dealloc_write_race2.stderr b/tests/fail/data_race/dealloc_write_race2.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/dealloc_write_race2.rs:LL:CC
    |
 LL |             *ptr.0 = 2;
-   |             ^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |             ^^^^^^^^^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/environ-gets-deallocated.rs b/tests/fail/environ-gets-deallocated.rs
@@ -20,5 +20,5 @@ fn main() {
     let pointer = get_environ();
     let _x = unsafe { *pointer };
     std::env::set_var("FOO", "BAR");
-    let _y = unsafe { *pointer }; //~ ERROR: dereferenced after this allocation got freed
+    let _y = unsafe { *pointer }; //~ ERROR: has been freed
 }
diff --git a/tests/fail/environ-gets-deallocated.stderr b/tests/fail/environ-gets-deallocated.stderr
@@ -1,8 +1,8 @@
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
   --> $DIR/environ-gets-deallocated.rs:LL:CC
    |
 LL |     let _y = unsafe { *pointer };
-   |                       ^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |                       ^^^^^^^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
diff --git a/tests/fail/generator-pinned-moved.rs b/tests/fail/generator-pinned-moved.rs
diff --git a/tests/fail/generator-pinned-moved.stderr b/tests/fail/generator-pinned-moved.stderr
diff --git a/tests/fail/rc_as_ptr.rs b/tests/fail/rc_as_ptr.rs
diff --git a/tests/fail/rc_as_ptr.stderr b/tests/fail/rc_as_ptr.stderr
diff --git a/tests/fail/shims/mmap_use_after_munmap.rs b/tests/fail/shims/mmap_use_after_munmap.rs
diff --git a/tests/fail/shims/mmap_use_after_munmap.stderr b/tests/fail/shims/mmap_use_after_munmap.stderr
diff --git a/tests/fail/zst2.rs b/tests/fail/zst2.rs
diff --git a/tests/fail/zst2.stderr b/tests/fail/zst2.stderr

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`		`-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed`
	`1`	`+error: Undefined Behavior: memory access failed: ALLOC has been freed, so this pointer is dangling`
`2`	`2`	`--> RUSTLIB/alloc/src/alloc.rs:LL:CC`
`3`	`3`	`\|`
`4`	`4`	`LL \| unsafe { __rust_dealloc(ptr, layout.size(), layout.align()) }`
`5`		`- \| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed`
	`5`	`+ \| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ memory access failed: ALLOC has been freed, so this pointer is dangling`
`6`	`6`	`\|`
`7`	`7`	`= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior`
`8`	`8`	`= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,6 @@ fn main() {`
`4`	`4`	`unsafe {`
`5`	`5`	`let x = alloc(Layout::from_size_align_unchecked(1, 1));`
`6`	`6`	`let _y = realloc(x, Layout::from_size_align_unchecked(1, 1), 1);`
`7`		`- let _z = *x; //~ ERROR: dereferenced after this allocation got freed`
	`7`	`+ let _z = *x; //~ ERROR: has been freed`
`8`	`8`	`}`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`		`-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed`
	`1`	`+error: Undefined Behavior: dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling`
`2`	`2`	`--> $DIR/reallocate-change-alloc.rs:LL:CC`
`3`	`3`	`\|`
`4`	`4`	`LL \| let _z = *x;`
`5`		`- \| ^^ pointer to ALLOC was dereferenced after this allocation got freed`
	`5`	`+ \| ^^ dereferencing pointer failed: ALLOC has been freed, so this pointer is dangling`
`6`	`6`	`\|`
`7`	`7`	`= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior`
`8`	`8`	`= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,6 @@ unsafe impl Send for SendRaw {}`
`11`	`11`	`fn main() {`
`12`	`12`	`unsafe {`
`13`	`13`	`let dangling_ptr = std::thread::spawn(\|\| SendRaw(&TLS as *const u8)).join().unwrap();`
`14`		`- let _val = *dangling_ptr.0; //~ ERROR: dereferenced after this allocation got freed`
	`14`	`+ let _val = *dangling_ptr.0; //~ ERROR: has been freed`
`15`	`15`	`}`
`16`	`16`	`}`