Auto merge of #863 - RalfJung:deref-checks, r=RalfJung

adjust tests for eager pointer checks on deref

The Miri side of rust-lang/rust#63075.

Fixes #447.

Author: bors

rust-version

@@ -1 +1 @@
-00ee1b47f42129a0a6e33510578fbcf07c1e5382
+1cdcea920e56a5d0587307a4c9cf8fff5c77c4bc

src/operator.rs

@@ -35,7 +35,7 @@ impl<'mir, 'tcx> EvalContextExt<'tcx> for super::MiriEvalContext<'mir, 'tcx> {
     #[inline]
     fn pointer_inbounds(&self, ptr: Pointer<Tag>) -> InterpResult<'tcx> {
         let (size, _align) = self.memory().get_size_and_align(ptr.alloc_id, AllocCheck::Live)?;
-        ptr.check_in_alloc(size, CheckInAllocMsg::InboundsTest)
+        ptr.check_inbounds_alloc(size, CheckInAllocMsg::InboundsTest)
     }
 
     fn binary_ptr_op(

tests/compile-fail/deref-invalid-ptr.rs

@@ -0,0 +1,7 @@
+// This should fail even without validation.
+// compile-flags: -Zmiri-disable-validation
+
+fn main() {
+    let x = 2usize as *const u32;
+    let _y = unsafe { &*x as *const u32 }; //~ ERROR dangling pointer was dereferenced
+}

tests/compile-fail/deref-partially-dangling.rs

@@ -0,0 +1,8 @@
+// Deref a raw ptr to access a field of a large struct, where the field
+// is allocated but not the entire struct is.
+fn main() {
+    let x = (1, 13);
+    let xptr = &x as *const _ as *const (i32, i32, i32);
+    let val = unsafe { (*xptr).1 }; //~ ERROR pointer must be in-bounds at offset 12, but is outside bounds of allocation
+    assert_eq!(val, 13);
+}

tests/compile-fail/intptrcast_alignment_check.rs

@@ -1,18 +1,12 @@
-// Validation makes this fail in the wrong place
-// compile-flags: -Zmiri-disable-validation
-
 // Even with intptrcast and without validation, we want to be *sure* to catch bugs
 // that arise from pointers being insufficiently aligned. The only way to achieve
 // that is not not let programs exploit integer information for alignment, so here
 // we test that this is indeed the case.
 fn main() {
     let x = &mut [0u8; 3];
     let base_addr = x as *mut _ as usize;
-    let u16_ref = unsafe { if base_addr % 2 == 0 {
-        &mut *(base_addr as *mut u16)
-    } else {
-        &mut *((base_addr+1) as *mut u16)
-    } };
-    *u16_ref = 2; //~ ERROR tried to access memory with alignment 1, but alignment 2 is required
+    let base_addr_aligned = if base_addr % 2 == 0 { base_addr } else { base_addr+1 };
+    let u16_ptr = base_addr_aligned as *mut u16;
+    unsafe { *u16_ptr = 2; } //~ ERROR tried to access memory with alignment 1, but alignment 2 is required
     println!("{:?}", x);
 }

tests/compile-fail/storage_dead_dangling.rs

@@ -8,8 +8,7 @@ fn fill(v: &mut i32) {
 }
 
 fn evil() {
-    let v = unsafe { &mut *(LEAK as *mut i32) };
-    let _x = *v; //~ ERROR dangling pointer was dereferenced
+    unsafe { &mut *(LEAK as *mut i32) }; //~ ERROR dangling pointer was dereferenced
 }
 
 fn main() {

tests/run-pass/ref-invalid-ptr.rs

@@ -1,6 +1,5 @@
 // Test various stacked-borrows-related things.
 fn main() {
-    deref_partially_dangling_raw();
     read_does_not_invalidate1();
     read_does_not_invalidate2();
     ref_raw_int_raw();
@@ -14,16 +13,6 @@ fn main() {
     shr_and_raw();
 }
 
-// Deref a raw ptr to access a field of a large struct, where the field
-// is allocated but not the entire struct is.
-// For now, we want to allow this.
-fn deref_partially_dangling_raw() {
-    let x = (1, 13);
-    let xptr = &x as *const _ as *const (i32, i32, i32);
-    let val = unsafe { (*xptr).1 };
-    assert_eq!(val, 13);
-}
-
 // Make sure that reading from an `&mut` does, like reborrowing to `&`,
 // NOT invalidate other reborrows.
 fn read_does_not_invalidate1() {