1 use std::fmt::{self, Display};
4 use crate::ty::layout::{self, HasDataLayout, Size};
5 use rustc_macros::HashStable;
7 use super::{AllocId, InterpResult};
9 /// Used by `check_in_alloc` to indicate context of check
10 #[derive(Debug, Copy, Clone, RustcEncodable, RustcDecodable, HashStable)]
11 pub enum CheckInAllocMsg {
14 PointerArithmeticTest,
18 impl Display for CheckInAllocMsg {
19 /// When this is printed as an error the context looks like this
20 /// "{test name} failed: pointer must be in-bounds at offset..."
21 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
22 write!(f, "{}", match *self {
23 CheckInAllocMsg::MemoryAccessTest => "Memory access",
24 CheckInAllocMsg::NullPointerTest => "Null pointer test",
25 CheckInAllocMsg::PointerArithmeticTest => "Pointer arithmetic",
26 CheckInAllocMsg::InboundsTest => "Inbounds test",
31 ////////////////////////////////////////////////////////////////////////////////
33 ////////////////////////////////////////////////////////////////////////////////
35 pub trait PointerArithmetic: layout::HasDataLayout {
36 // These are not supposed to be overridden.
39 fn pointer_size(&self) -> Size {
40 self.data_layout().pointer_size
43 /// Helper function: truncate given value-"overflowed flag" pair to pointer size and
44 /// update "overflowed flag" if there was an overflow.
45 /// This should be called by all the other methods before returning!
47 fn truncate_to_ptr(&self, (val, over): (u64, bool)) -> (u64, bool) {
48 let val = val as u128;
49 let max_ptr_plus_1 = 1u128 << self.pointer_size().bits();
50 ((val % max_ptr_plus_1) as u64, over || val >= max_ptr_plus_1)
54 fn overflowing_offset(&self, val: u64, i: u64) -> (u64, bool) {
55 let res = val.overflowing_add(i);
56 self.truncate_to_ptr(res)
59 // Overflow checking only works properly on the range from -u64 to +u64.
61 fn overflowing_signed_offset(&self, val: u64, i: i128) -> (u64, bool) {
62 // FIXME: is it possible to over/underflow here?
64 // Trickery to ensure that i64::min_value() works fine: compute n = -i.
65 // This formula only works for true negative values, it overflows for zero!
66 let n = u64::max_value() - (i as u64) + 1;
67 let res = val.overflowing_sub(n);
68 self.truncate_to_ptr(res)
70 self.overflowing_offset(val, i as u64)
75 fn offset<'tcx>(&self, val: u64, i: u64) -> InterpResult<'tcx, u64> {
76 let (res, over) = self.overflowing_offset(val, i);
77 if over { err_panic!(Overflow(mir::BinOp::Add)) } else { Ok(res) }
81 fn signed_offset<'tcx>(&self, val: u64, i: i64) -> InterpResult<'tcx, u64> {
82 let (res, over) = self.overflowing_signed_offset(val, i128::from(i));
83 if over { err_panic!(Overflow(mir::BinOp::Add)) } else { Ok(res) }
87 impl<T: layout::HasDataLayout> PointerArithmetic for T {}
90 /// Pointer is generic over the type that represents a reference to Allocations,
91 /// thus making it possible for the most convenient representation to be used in
94 /// Defaults to the index based and loosely coupled AllocId.
96 /// Pointer is also generic over the `Tag` associated with each pointer,
97 /// which is used to do provenance tracking during execution.
98 #[derive(Copy, Clone, Eq, PartialEq, Ord, PartialOrd,
99 RustcEncodable, RustcDecodable, Hash, HashStable)]
100 pub struct Pointer<Tag=(),Id=AllocId> {
106 static_assert_size!(Pointer, 16);
108 impl<Tag: fmt::Debug, Id: fmt::Debug> fmt::Debug for Pointer<Tag, Id> {
109 default fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
110 write!(f, "{:?}.{:#x}[{:?}]", self.alloc_id, self.offset.bytes(), self.tag)
113 // Specialization for no tag
114 impl<Id: fmt::Debug> fmt::Debug for Pointer<(), Id> {
115 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
116 write!(f, "{:?}.{:#x}", self.alloc_id, self.offset.bytes())
120 /// Produces a `Pointer` which points to the beginning of the Allocation
121 impl From<AllocId> for Pointer {
123 fn from(alloc_id: AllocId) -> Self {
124 Pointer::new(alloc_id, Size::ZERO)
130 pub fn new(alloc_id: AllocId, offset: Size) -> Self {
131 Pointer { alloc_id, offset, tag: () }
135 pub fn with_tag<Tag>(self, tag: Tag) -> Pointer<Tag>
137 Pointer::new_with_tag(self.alloc_id, self.offset, tag)
141 impl<'tcx, Tag> Pointer<Tag> {
143 pub fn new_with_tag(alloc_id: AllocId, offset: Size, tag: Tag) -> Self {
144 Pointer { alloc_id, offset, tag }
148 pub fn offset(self, i: Size, cx: &impl HasDataLayout) -> InterpResult<'tcx, Self> {
149 Ok(Pointer::new_with_tag(
151 Size::from_bytes(cx.data_layout().offset(self.offset.bytes(), i.bytes())?),
157 pub fn overflowing_offset(self, i: Size, cx: &impl HasDataLayout) -> (Self, bool) {
158 let (res, over) = cx.data_layout().overflowing_offset(self.offset.bytes(), i.bytes());
159 (Pointer::new_with_tag(self.alloc_id, Size::from_bytes(res), self.tag), over)
163 pub fn wrapping_offset(self, i: Size, cx: &impl HasDataLayout) -> Self {
164 self.overflowing_offset(i, cx).0
168 pub fn signed_offset(self, i: i64, cx: &impl HasDataLayout) -> InterpResult<'tcx, Self> {
169 Ok(Pointer::new_with_tag(
171 Size::from_bytes(cx.data_layout().signed_offset(self.offset.bytes(), i)?),
177 pub fn overflowing_signed_offset(self, i: i128, cx: &impl HasDataLayout) -> (Self, bool) {
178 let (res, over) = cx.data_layout().overflowing_signed_offset(self.offset.bytes(), i);
179 (Pointer::new_with_tag(self.alloc_id, Size::from_bytes(res), self.tag), over)
183 pub fn wrapping_signed_offset(self, i: i64, cx: &impl HasDataLayout) -> Self {
184 self.overflowing_signed_offset(i128::from(i), cx).0
188 pub fn erase_tag(self) -> Pointer {
189 Pointer { alloc_id: self.alloc_id, offset: self.offset, tag: () }
193 pub fn check_in_alloc(
195 allocation_size: Size,
196 msg: CheckInAllocMsg,
197 ) -> InterpResult<'tcx, ()> {
198 if self.offset > allocation_size {
199 err!(PointerOutOfBounds { ptr: self.erase_tag(), msg, allocation_size })