rust/library
Matthias Krüger 97cdc8ef44
Rollup merge of #130229 - RalfJung:ptr-offset-unsigned, r=scottmcm
ptr::add/sub: do not claim equivalence with `offset(c as isize)`

In https://github.com/rust-lang/rust/pull/110837, the `offset` intrinsic got changed to also allow a `usize` offset parameter. The intention is that this will do an unsigned multiplication with the size, and we have UB if that overflows -- and we also have UB if the result is larger than `usize::MAX`, i.e., if a subsequent cast to `isize` would wrap. ~~The LLVM backend sets some attributes accordingly.~~

This updates the docs for `add`/`sub` to match that intent, in preparation for adjusting codegen to exploit this UB. We use this opportunity to clarify what the exact requirements are: we compute the offset using mathematical multiplication (so it's no problem to have an `isize * usize` multiplication, we just multiply integers), and the result must fit in an `isize`.
Cc `@rust-lang/opsem` `@nikic`

https://github.com/rust-lang/rust/pull/130239 updates Miri to detect this UB.

`sub` still has some cases of UB not reflected in the underlying intrinsic semantics (and Miri does not catch): when we subtract `usize::MAX`, then after casting to `isize` that's just `-1` so we end up adding one unit without noticing any UB, but actually the offset we gave does not fit in an `isize`. Miri will currently still not complain for such cases:
```rust
fn main() {
    let x = &[0i32; 2];
    let x = x.as_ptr();
    // This should be UB, we are subtracting way too much.
    unsafe { x.sub(usize::MAX).read() };
}
```
However, the LLVM IR we generate here also is UB-free. This is "just" library UB but not language UB.
Cc `@saethlin`; might be worth adding precondition checks against overflow on `offset`/`add`/`sub`?

Fixes https://github.com/rust-lang/rust/issues/130211
2024-10-01 21:09:19 +02:00
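
The requirement stated in the commit message above (the mathematical product of `count` and the element size must fit in an `isize`) can be checked explicitly before calling `sub`. The following is an added example, not code from the PR or the standard library; `offset_fits_isize`, `as_signed` and `checked_sub_in` are hypothetical helper names.

```rust
use std::mem::size_of;

/// True if `count * elem_size`, computed as a mathematical (non-wrapping)
/// product, fits in an `isize`. This is the requirement the updated docs state.
pub fn offset_fits_isize(count: usize, elem_size: usize) -> bool {
    match count.checked_mul(elem_size) {
        Some(bytes) => bytes <= isize::MAX as usize,
        None => false, // the multiplication itself overflowed
    }
}

/// What the old "same as `offset(count as isize)`" reading would compute:
/// the cast wraps, so an oversized count silently becomes a small negative one.
pub fn as_signed(count: usize) -> isize {
    count as isize
}

/// Hypothetical guarded `sub`: start from `&slice[index]` (or one past the end)
/// and step back `count` elements, refusing anything the precondition forbids.
pub fn checked_sub_in<T>(slice: &[T], index: usize, count: usize) -> Option<*const T> {
    if index > slice.len() || count > index {
        return None; // result would leave the allocation
    }
    if !offset_fits_isize(count, size_of::<T>()) {
        return None; // byte offset does not fit in isize
    }
    // SAFETY: index <= len keeps `add` in bounds (one-past-the-end allowed);
    // count <= index keeps `sub` in bounds; the byte offset fits in isize.
    Some(unsafe { slice.as_ptr().add(index).sub(count) })
}

fn main() {
    let buf = [10i32, 20, 30]; // constructed sample data
    // The case from the commit message: the cast hides the oversized offset.
    assert_eq!(as_signed(usize::MAX), -1);
    assert!(!offset_fits_isize(usize::MAX, size_of::<i32>()));
    assert!(checked_sub_in(&buf, 2, usize::MAX).is_none());
    // A valid step back of two elements lands on the first element.
    let first = checked_sub_in(&buf, 2, 2).expect("in bounds");
    assert_eq!(unsafe { first.read() }, 10);
    println!("precondition checks behaved as expected");
}
```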
..
alloc Rollup merge of #130914 - compiler-errors:insignificant-dtor, r=Amanieu 2024-09-30 19:18:50 -04:00
backtrace@230570f2da Try latest backtrace 2024-08-29 12:13:19 -07:00
core Rollup merge of #130229 - RalfJung:ptr-offset-unsigned, r=scottmcm 2024-10-01 21:09:19 +02:00
panic_abort step cfg(bootstrap) 2024-07-28 14:46:29 -04:00
panic_unwind library: Compute RUST_EXCEPTION_CLASS from native-endian bytes 2024-09-26 11:34:17 -07:00
portable-simd stabilize const_intrinsic_copy 2024-09-23 22:12:54 +02:00
proc_macro Reformat using the new identifier sorting from rustfmt 2024-09-22 19:11:29 -04:00
profiler_builtins Don't skip nonexistent source files 2024-08-27 17:30:42 +10:00
rtstartup Let InstCombine remove Clone shims inside Clone shims 2024-07-25 15:14:42 -04:00
rustc-std-workspace-alloc Replace libstd, libcore, liballoc in line comments. 2022-12-30 14:00:42 +01:00
rustc-std-workspace-core
rustc-std-workspace-std
std Auto merge of #126839 - obeis:mpmc, r=Amanieu 2024-10-01 13:35:16 +00:00
stdarch@ace72223a0 Fix up standard library intro 2024-09-23 09:21:39 -07:00
sysroot Auto merge of #125016 - nicholasbishop:bishop-cb-112, r=tgross35 2024-07-29 07:41:33 +00:00
test Dogfood feature(file_buffered) 2024-09-24 14:25:16 -07:00
unwind Use &raw in the standard library 2024-09-25 17:03:20 -07:00
windows_targets Win: Add dbghelp to the list of import libraries 2024-09-06 21:21:49 +00:00
Cargo.lock Update compiler_builtins to 0.1.130 2024-09-28 11:25:47 -04:00
Cargo.toml Auto merge of #129063 - the8472:cold-opt-size, r=Amanieu 2024-09-02 00:58:50 +00:00