Rollup merge of #113699 - RalfJung:miri, r=RalfJung

update Miri

This fixes a pretty nasty bug in the tag GC.

r? ghost

Author: matthiaskrgr

src/tools/miri/rust-version

@@ -1 +1 @@
-743333f3dd90721461c09387ec73d09c080d5f5f
+33a2c2487ac5d9927830ea4c1844335c6b9f77db

src/tools/miri/src/borrow_tracker/mod.rs

@@ -74,7 +74,7 @@ pub struct FrameState {
 
 impl VisitTags for FrameState {
     fn visit_tags(&self, _visit: &mut dyn FnMut(BorTag)) {
-        // `protected_tags` are fine to GC.
+        // `protected_tags` are already recorded by `GlobalStateInner`.
     }
 }
 
@@ -108,9 +108,12 @@ pub struct GlobalStateInner {
 }
 
 impl VisitTags for GlobalStateInner {
-    fn visit_tags(&self, _visit: &mut dyn FnMut(BorTag)) {
-        // The only candidate is base_ptr_tags, and that does not need visiting since we don't ever
-        // GC the bottommost tag.
+    fn visit_tags(&self, visit: &mut dyn FnMut(BorTag)) {
+        for &tag in self.protected_tags.keys() {
+            visit(tag);
+        }
+        // The only other candidate is base_ptr_tags, and that does not need visiting since we don't ever
+        // GC the bottommost/root tag.
     }
 }
 

src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs

@@ -996,7 +996,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
 
     /// Protect a place so that it cannot be used any more for the duration of the current function
     /// call.
-    /// 
+    ///
     /// This is used to ensure soundness of in-place function argument/return passing.
     fn sb_protect_place(&mut self, place: &MPlaceTy<'tcx, Provenance>) -> InterpResult<'tcx> {
         let this = self.eval_context_mut();

src/tools/miri/src/borrow_tracker/tree_borrows/mod.rs

@@ -497,7 +497,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
 
     /// Protect a place so that it cannot be used any more for the duration of the current function
     /// call.
-    /// 
+    ///
     /// This is used to ensure soundness of in-place function argument/return passing.
     fn tb_protect_place(&mut self, place: &MPlaceTy<'tcx, Provenance>) -> InterpResult<'tcx> {
         let this = self.eval_context_mut();

src/tools/miri/src/lib.rs

@@ -43,19 +43,20 @@
 // Needed for rustdoc from bootstrap (with `-Znormalize-docs`).
 #![recursion_limit = "256"]
 
+extern crate either; // the one from rustc
+
 extern crate rustc_apfloat;
 extern crate rustc_ast;
-extern crate rustc_errors;
-#[macro_use]
-extern crate rustc_middle;
 extern crate rustc_const_eval;
 extern crate rustc_data_structures;
+extern crate rustc_errors;
 extern crate rustc_hir;
 extern crate rustc_index;
+#[macro_use]
+extern crate rustc_middle;
 extern crate rustc_session;
 extern crate rustc_span;
 extern crate rustc_target;
-extern crate either; // the one from rustc
 
 // Necessary to pull in object code as the rest of the rustc crates are shipped only as rmeta
 // files.

src/tools/miri/src/machine.rs

@@ -1097,9 +1097,8 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for MiriMachine<'mir, 'tcx> {
         ptr: Pointer<Self::Provenance>,
     ) -> InterpResult<'tcx> {
         match ptr.provenance {
-            Provenance::Concrete { alloc_id, tag } => {
-                intptrcast::GlobalStateInner::expose_ptr(ecx, alloc_id, tag)
-            }
+            Provenance::Concrete { alloc_id, tag } =>
+                intptrcast::GlobalStateInner::expose_ptr(ecx, alloc_id, tag),
             Provenance::Wildcard => {
                 // No need to do anything for wildcard pointers as
                 // their provenances have already been previously exposed.

src/tools/miri/tests/fail/dangling_pointers/dangling_zst_deref.rs

@@ -1,6 +1,5 @@
 // Make sure we find these even with many checks disabled.
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0 -Zmiri-disable-alignment-check -Zmiri-disable-stacked-borrows -Zmiri-disable-validation
+//@compile-flags: -Zmiri-disable-alignment-check -Zmiri-disable-stacked-borrows -Zmiri-disable-validation
 
 fn main() {
     let p = {

src/tools/miri/tests/fail/dangling_pointers/dyn_size.rs

@@ -1,5 +1,5 @@
-// should find the bug even without these, but gets masked by optimizations
-//@compile-flags: -Zmiri-disable-validation -Zmiri-disable-stacked-borrows -Zmir-opt-level=0
+// should find the bug even without these
+//@compile-flags: -Zmiri-disable-validation -Zmiri-disable-stacked-borrows
 
 struct SliceWithHead(u8, [u8]);
 

src/tools/miri/tests/fail/dangling_pointers/maybe_null_pointer_deref_zst.rs

@@ -1,6 +1,3 @@
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0
-
 fn main() {
     // This pointer *could* be NULL so we cannot load from it, not even at ZST
     let ptr = (&0u8 as *const u8).wrapping_sub(0x800) as *const ();

src/tools/miri/tests/fail/dangling_pointers/maybe_null_pointer_write_zst.rs

@@ -1,6 +1,3 @@
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0
-
 fn main() {
     // This pointer *could* be NULL so we cannot load from it, not even at ZST.
     // Not using the () type here, as writes of that type do not even have MIR generated.

src/tools/miri/tests/fail/dangling_pointers/null_pointer_deref_zst.rs

@@ -1,6 +1,3 @@
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0
-
 #[allow(deref_nullptr)]
 fn main() {
     let x: () = unsafe { *std::ptr::null() }; //~ ERROR: dereferencing pointer failed: null pointer is a dangling pointer

src/tools/miri/tests/fail/dangling_pointers/null_pointer_write_zst.rs

@@ -1,6 +1,3 @@
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0
-
 #[allow(deref_nullptr)]
 fn main() {
     // Not using the () type here, as writes of that type do not even have MIR generated.

src/tools/miri/tests/fail/dangling_pointers/stack_temporary.rs

@@ -1,5 +1,5 @@
-// This should fail even without validation, but some MIR opts mask the error
-//@compile-flags: -Zmiri-disable-validation -Zmir-opt-level=0
+// This should fail even without validation
+//@compile-flags: -Zmiri-disable-validation
 
 unsafe fn make_ref<'a>(x: *mut i32) -> &'a mut i32 {
     &mut *x

src/tools/miri/tests/fail/dangling_pointers/storage_dead_dangling.rs

@@ -1,5 +1,5 @@
-// This should fail even without validation, but some MIR opts mask the error
-//@compile-flags: -Zmiri-disable-validation -Zmir-opt-level=0 -Zmiri-permissive-provenance
+// This should fail even without validation
+//@compile-flags: -Zmiri-disable-validation -Zmiri-permissive-provenance
 
 static mut LEAK: usize = 0;
 

src/tools/miri/tests/fail/data_race/read_write_race_stack.rs

@@ -1,7 +1,4 @@
-//@compile-flags: -Zmir-opt-level=0 -Zmiri-disable-weak-memory-emulation -Zmiri-preemption-rate=0 -Zmiri-disable-stacked-borrows
-
-// Note: mir-opt-level set to 0 to prevent the read of stack_var in thread 1
-// from being optimized away and preventing the detection of the data-race.
+//@compile-flags: -Zmiri-disable-weak-memory-emulation -Zmiri-preemption-rate=0 -Zmiri-disable-stacked-borrows
 
 use std::ptr::null_mut;
 use std::sync::atomic::{AtomicPtr, Ordering};

src/tools/miri/tests/fail/erroneous_const.rs

@@ -1,7 +1,5 @@
 //! Make sure we detect erroneous constants post-monomorphization even when they are unused.
 //! (https://github.com/rust-lang/miri/issues/1382)
-// Inlining changes the error location
-//@compile-flags: -Zmir-opt-level=0
 #![feature(never_type)]
 
 struct PrintName<T>(T);

src/tools/miri/tests/fail/function_calls/arg_inplace_observe_after.rs

@@ -5,17 +5,17 @@ pub struct S(i32);
 
 #[custom_mir(dialect = "runtime", phase = "optimized")]
 fn main() {
-    // FIXME: the span is not great (probably caused by custom MIR)
-    mir! { //~ERROR: uninitialized
+    mir! {
         let unit: ();
+        let _observe: i32;
         {
             let non_copy = S(42);
             // This could change `non_copy` in-place
             Call(unit, after_call, change_arg(Move(non_copy)))
         }
         after_call = {
             // So now we must not be allowed to observe non-copy again.
-            let _observe = non_copy.0;
+            _observe = non_copy.0; //~ERROR: uninitialized
             Return()
         }
 

src/tools/miri/tests/fail/function_calls/arg_inplace_observe_after.stderr

@@ -1,20 +1,13 @@
 error: Undefined Behavior: using uninitialized data, but this operation requires initialized memory
   --> $DIR/arg_inplace_observe_after.rs:LL:CC
    |
-LL | /     mir! {
-LL | |         let unit: ();
-LL | |         {
-LL | |             let non_copy = S(42);
-...  |
-LL | |
-LL | |     }
-   | |_____^ using uninitialized data, but this operation requires initialized memory
+LL |             _observe = non_copy.0;
+   |             ^^^^^^^^^^^^^^^^^^^^^ using uninitialized data, but this operation requires initialized memory
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
-   = note: inside `main` at RUSTLIB/core/src/intrinsics/mir.rs:LL:CC
-   = note: this error originates in the macro `::core::intrinsics::mir::__internal_remove_let` which comes from the expansion of the macro `mir` (in Nightly builds, run with -Z macro-backtrace for more info)
+   = note: inside `main` at $DIR/arg_inplace_observe_after.rs:LL:CC
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 

src/tools/miri/tests/fail/unaligned_pointers/dyn_alignment.rs

@@ -1,5 +1,5 @@
 // should find the bug even without, but gets masked by optimizations
-//@compile-flags: -Zmiri-disable-stacked-borrows -Zmir-opt-level=0 -Cdebug-assertions=no
+//@compile-flags: -Zmiri-disable-stacked-borrows -Cdebug-assertions=no
 //@normalize-stderr-test: "but found [0-9]+" -> "but found $$ALIGN"
 
 #[repr(align(256))]

src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr_zst.rs

@@ -1,6 +1,5 @@
 // This should fail even without validation
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0 -Zmiri-disable-validation -Cdebug-assertions=no
+//@compile-flags: -Zmiri-disable-validation -Cdebug-assertions=no
 
 fn main() {
     // Try many times as this might work by chance.

src/tools/miri/tests/fail/validity/nonzero.rs

@@ -1,5 +1,3 @@
-// gets masked by optimizations
-//@compile-flags: -Zmir-opt-level=0
 #![feature(rustc_attrs)]
 #![allow(unused_attributes)]
 

src/tools/miri/tests/fail/zst2.rs

@@ -1,6 +1,3 @@
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0
-
 fn main() {
     // Not using the () type here, as writes of that type do not even have MIR generated.
     // Also not assigning directly as that's array initialization, not assignment.

src/tools/miri/tests/fail/zst3.rs

@@ -1,6 +1,3 @@
-// Some optimizations remove ZST accesses, thus masking this UB.
-//@compile-flags: -Zmir-opt-level=0
-
 fn main() {
     // Not using the () type here, as writes of that type do not even have MIR generated.
     // Also not assigning directly as that's array initialization, not assignment.