1 use std::{collections::hash_map::Entry, iter};
5 use rustc_apfloat::Float;
6 use rustc_ast::expand::allocator::AllocatorKind;
9 def_id::{CrateNum, DefId, LOCAL_CRATE},
11 use rustc_middle::middle::{
12 codegen_fn_attrs::CodegenFnAttrFlags, dependency_format::Linkage,
13 exported_symbols::ExportedSymbol,
15 use rustc_middle::mir;
17 use rustc_session::config::CrateType;
18 use rustc_span::Symbol;
24 use super::backtrace::EvalContextExt as _;
25 use crate::helpers::{convert::Truncate, target_os_is_unix};
28 /// Returned by `emulate_foreign_item_by_name`.
29 pub enum EmulateByNameResult<'mir, 'tcx> {
30 /// The caller is expected to jump to the return block.
32 /// Jumping has already been taken care of.
34 /// A MIR body has been found for the function
35 MirBody(&'mir mir::Body<'tcx>, ty::Instance<'tcx>),
36 /// The item is not supported.
40 impl<'mir, 'tcx: 'mir> EvalContextExt<'mir, 'tcx> for crate::MiriEvalContext<'mir, 'tcx> {}
41 pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx> {
42 /// Returns the minimum alignment for the target architecture for allocations of the given size.
43 fn min_align(&self, size: u64, kind: MiriMemoryKind) -> Align {
44 let this = self.eval_context_ref();
45 // List taken from `library/std/src/sys/common/alloc.rs`.
46 // This list should be kept in sync with the one from libstd.
47 let min_align = match this.tcx.sess.target.arch.as_ref() {
48 "x86" | "arm" | "mips" | "powerpc" | "powerpc64" | "asmjs" | "wasm32" => 8,
49 "x86_64" | "aarch64" | "mips64" | "s390x" | "sparc64" => 16,
50 arch => bug!("Unsupported target architecture: {}", arch),
52 // Windows always aligns, even small allocations.
53 // Source: <https://support.microsoft.com/en-us/help/286470/how-to-use-pageheap-exe-in-windows-xp-windows-2000-and-windows-server>
54 // But jemalloc does not, so for the C heap we only align if the allocation is sufficiently big.
55 if kind == MiriMemoryKind::WinHeap || size >= min_align {
56 return Align::from_bytes(min_align).unwrap();
58 // We have `size < min_align`. Round `size` *down* to the next power of two and use that.
59 fn prev_power_of_two(x: u64) -> u64 {
60 let next_pow2 = x.next_power_of_two();
62 // x *is* a power of two, just use that.
65 // x is between two powers, so next = 2*prev.
69 Align::from_bytes(prev_power_of_two(size)).unwrap()
77 ) -> InterpResult<'tcx, Pointer<Option<Tag>>> {
78 let this = self.eval_context_mut();
82 let align = this.min_align(size, kind);
83 let ptr = this.allocate_ptr(Size::from_bytes(size), align, kind.into())?;
85 // We just allocated this, the access is definitely in-bounds.
86 this.write_bytes_ptr(ptr.into(), iter::repeat(0u8).take(size as usize)).unwrap();
92 fn free(&mut self, ptr: Pointer<Option<Tag>>, kind: MiriMemoryKind) -> InterpResult<'tcx> {
93 let this = self.eval_context_mut();
94 if !this.ptr_is_null(ptr)? {
95 this.deallocate_ptr(ptr, None, kind.into())?;
102 old_ptr: Pointer<Option<Tag>>,
104 kind: MiriMemoryKind,
105 ) -> InterpResult<'tcx, Pointer<Option<Tag>>> {
106 let this = self.eval_context_mut();
107 let new_align = this.min_align(new_size, kind);
108 if this.ptr_is_null(old_ptr)? {
113 this.allocate_ptr(Size::from_bytes(new_size), new_align, kind.into())?;
118 this.deallocate_ptr(old_ptr, None, kind.into())?;
121 let new_ptr = this.reallocate_ptr(
124 Size::from_bytes(new_size),
133 /// Lookup the body of a function that has `link_name` as the symbol name.
134 fn lookup_exported_symbol(
137 ) -> InterpResult<'tcx, Option<(&'mir mir::Body<'tcx>, ty::Instance<'tcx>)>> {
138 let this = self.eval_context_mut();
139 let tcx = this.tcx.tcx;
141 // If the result was cached, just return it.
142 // (Cannot use `or_insert` since the code below might have to throw an error.)
143 let entry = this.machine.exported_symbols_cache.entry(link_name);
144 let instance = *match entry {
145 Entry::Occupied(e) => e.into_mut(),
146 Entry::Vacant(e) => {
147 // Find it if it was not cached.
148 let mut instance_and_crate: Option<(ty::Instance<'_>, CrateNum)> = None;
149 // `dependency_formats` includes all the transitive informations needed to link a crate,
150 // which is what we need here since we need to dig out `exported_symbols` from all transitive
152 let dependency_formats = tcx.dependency_formats(());
153 let dependency_format = dependency_formats
155 .find(|(crate_type, _)| *crate_type == CrateType::Executable)
156 .expect("interpreting a non-executable crate");
157 for cnum in iter::once(LOCAL_CRATE).chain(
158 dependency_format.1.iter().enumerate().filter_map(|(num, &linkage)| {
159 (linkage != Linkage::NotLinked).then_some(CrateNum::new(num + 1))
162 // We can ignore `_export_info` here: we are a Rust crate, and everything is exported
163 // from a Rust crate.
164 for &(symbol, _export_info) in tcx.exported_symbols(cnum) {
165 if let ExportedSymbol::NonGeneric(def_id) = symbol {
166 let attrs = tcx.codegen_fn_attrs(def_id);
167 let symbol_name = if let Some(export_name) = attrs.export_name {
169 } else if attrs.flags.contains(CodegenFnAttrFlags::NO_MANGLE) {
170 tcx.item_name(def_id)
172 // Skip over items without an explicitly defined symbol name.
175 if symbol_name == link_name {
176 if let Some((original_instance, original_cnum)) = instance_and_crate
178 // Make sure we are consistent wrt what is 'first' and 'second'.
180 tcx.def_span(original_instance.def_id()).data();
181 let span = tcx.def_span(def_id).data();
182 if original_span < span {
184 TerminationInfo::MultipleSymbolDefinitions {
186 first: original_span,
187 first_crate: tcx.crate_name(original_cnum),
189 second_crate: tcx.crate_name(cnum),
194 TerminationInfo::MultipleSymbolDefinitions {
197 first_crate: tcx.crate_name(cnum),
198 second: original_span,
199 second_crate: tcx.crate_name(original_cnum),
204 if !matches!(tcx.def_kind(def_id), DefKind::Fn | DefKind::AssocFn) {
206 "attempt to call an exported symbol that is not defined as a function"
209 instance_and_crate = Some((ty::Instance::mono(tcx, def_id), cnum));
215 e.insert(instance_and_crate.map(|ic| ic.0))
219 None => Ok(None), // no symbol with this name
220 Some(instance) => Ok(Some((this.load_mir(instance.def, None)?, instance))),
224 /// Emulates calling a foreign item, failing if the item is not supported.
225 /// This function will handle `goto_block` if needed.
226 /// Returns Ok(None) if the foreign item was completely handled
227 /// by this function.
228 /// Returns Ok(Some(body)) if processing the foreign item
229 /// is delegated to another function.
230 fn emulate_foreign_item(
234 args: &[OpTy<'tcx, Tag>],
235 dest: &PlaceTy<'tcx, Tag>,
236 ret: Option<mir::BasicBlock>,
237 unwind: StackPopUnwind,
238 ) -> InterpResult<'tcx, Option<(&'mir mir::Body<'tcx>, ty::Instance<'tcx>)>> {
239 let this = self.eval_context_mut();
240 let link_name = this.item_link_name(def_id);
241 let tcx = this.tcx.tcx;
243 // First: functions that diverge.
244 let ret = match ret {
246 match link_name.as_str() {
247 "miri_start_panic" => {
248 // `check_shim` happens inside `handle_miri_start_panic`.
249 this.handle_miri_start_panic(abi, link_name, args, unwind)?;
252 // This matches calls to the foreign item `panic_impl`.
253 // The implementation is provided by the function with the `#[panic_handler]` attribute.
255 // We don't use `check_shim` here because we are just forwarding to the lang
256 // item. Argument count checking will be performed when the returned `Body` is
258 this.check_abi_and_shim_symbol_clash(abi, Abi::Rust, link_name)?;
259 let panic_impl_id = tcx.lang_items().panic_impl().unwrap();
260 let panic_impl_instance = ty::Instance::mono(tcx, panic_impl_id);
262 this.load_mir(panic_impl_instance.def, None)?,
270 let exp_abi = if link_name.as_str() == "exit" {
271 Abi::C { unwind: false }
273 Abi::System { unwind: false }
275 let [code] = this.check_shim(abi, exp_abi, link_name, args)?;
276 // it's really u32 for ExitProcess, but we have to put it into the `Exit` variant anyway
277 let code = this.read_scalar(code)?.to_i32()?;
278 throw_machine_stop!(TerminationInfo::Exit(code.into()));
281 let [] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
282 throw_machine_stop!(TerminationInfo::Abort(
283 "the program aborted execution".to_owned()
287 if let Some(body) = this.lookup_exported_symbol(link_name)? {
288 return Ok(Some(body));
290 this.handle_unsupported(format!(
291 "can't call (diverging) foreign function: {}",
300 // Second: functions that return.
301 match this.emulate_foreign_item_by_name(link_name, abi, args, dest, ret)? {
302 EmulateByNameResult::NeedsJumping => {
303 trace!("{:?}", this.dump_place(**dest));
304 this.go_to_block(ret);
306 EmulateByNameResult::AlreadyJumped => (),
307 EmulateByNameResult::MirBody(mir, instance) => return Ok(Some((mir, instance))),
308 EmulateByNameResult::NotSupported => {
309 if let Some(body) = this.lookup_exported_symbol(link_name)? {
310 return Ok(Some(body));
313 this.handle_unsupported(format!("can't call foreign function: {}", link_name))?;
321 /// Emulates calling the internal __rust_* allocator functions
322 fn emulate_allocator(
325 default: impl FnOnce(&mut MiriEvalContext<'mir, 'tcx>) -> InterpResult<'tcx>,
326 ) -> InterpResult<'tcx, EmulateByNameResult<'mir, 'tcx>> {
327 let this = self.eval_context_mut();
329 let allocator_kind = if let Some(allocator_kind) = this.tcx.allocator_kind(()) {
332 // in real code, this symbol does not exist without an allocator
333 return Ok(EmulateByNameResult::NotSupported);
336 match allocator_kind {
337 AllocatorKind::Global => {
338 let (body, instance) = this
339 .lookup_exported_symbol(symbol)?
340 .expect("symbol should be present if there is a global allocator");
342 Ok(EmulateByNameResult::MirBody(body, instance))
344 AllocatorKind::Default => {
346 Ok(EmulateByNameResult::NeedsJumping)
351 /// Emulates calling a foreign item using its name.
352 fn emulate_foreign_item_by_name(
356 args: &[OpTy<'tcx, Tag>],
357 dest: &PlaceTy<'tcx, Tag>,
358 ret: mir::BasicBlock,
359 ) -> InterpResult<'tcx, EmulateByNameResult<'mir, 'tcx>> {
360 let this = self.eval_context_mut();
362 // Here we dispatch all the shims for foreign functions. If you have a platform specific
363 // shim, add it to the corresponding submodule.
364 match link_name.as_str() {
365 // Miri-specific extern functions
366 "miri_static_root" => {
367 let [ptr] = this.check_shim(abi, Abi::Rust, link_name, args)?;
368 let ptr = this.read_pointer(ptr)?;
369 let (alloc_id, offset, _) = this.ptr_get_alloc_id(ptr)?;
370 if offset != Size::ZERO {
371 throw_unsup_format!("pointer passed to miri_static_root must point to beginning of an allocated block");
373 this.machine.static_roots.push(alloc_id);
376 // Obtains the size of a Miri backtrace. See the README for details.
377 "miri_backtrace_size" => {
378 this.handle_miri_backtrace_size(abi, link_name, args, dest)?;
381 // Obtains a Miri backtrace. See the README for details.
382 "miri_get_backtrace" => {
383 // `check_shim` happens inside `handle_miri_get_backtrace`.
384 this.handle_miri_get_backtrace(abi, link_name, args, dest)?;
387 // Resolves a Miri backtrace frame. See the README for details.
388 "miri_resolve_frame" => {
389 // `check_shim` happens inside `handle_miri_resolve_frame`.
390 this.handle_miri_resolve_frame(abi, link_name, args, dest)?;
393 // Writes the function and file names of a Miri backtrace frame into a user provided buffer. See the README for details.
394 "miri_resolve_frame_names" => {
395 this.handle_miri_resolve_frame_names(abi, link_name, args)?;
398 // Standard C allocation
400 let [size] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
401 let size = this.read_scalar(size)?.to_machine_usize(this)?;
402 let res = this.malloc(size, /*zero_init:*/ false, MiriMemoryKind::C)?;
403 this.write_pointer(res, dest)?;
406 let [items, len] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
407 let items = this.read_scalar(items)?.to_machine_usize(this)?;
408 let len = this.read_scalar(len)?.to_machine_usize(this)?;
410 items.checked_mul(len).ok_or_else(|| err_ub_format!("overflow during calloc size computation"))?;
411 let res = this.malloc(size, /*zero_init:*/ true, MiriMemoryKind::C)?;
412 this.write_pointer(res, dest)?;
415 let [ptr] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
416 let ptr = this.read_pointer(ptr)?;
417 this.free(ptr, MiriMemoryKind::C)?;
420 let [old_ptr, new_size] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
421 let old_ptr = this.read_pointer(old_ptr)?;
422 let new_size = this.read_scalar(new_size)?.to_machine_usize(this)?;
423 let res = this.realloc(old_ptr, new_size, MiriMemoryKind::C)?;
424 this.write_pointer(res, dest)?;
429 let [size, align] = this.check_shim(abi, Abi::Rust, link_name, args)?;
430 let size = this.read_scalar(size)?.to_machine_usize(this)?;
431 let align = this.read_scalar(align)?.to_machine_usize(this)?;
433 return this.emulate_allocator(Symbol::intern("__rg_alloc"), |this| {
434 Self::check_alloc_request(size, align)?;
436 let ptr = this.allocate_ptr(
437 Size::from_bytes(size),
438 Align::from_bytes(align).unwrap(),
439 MiriMemoryKind::Rust.into(),
442 this.write_pointer(ptr, dest)
445 "__rust_alloc_zeroed" => {
446 let [size, align] = this.check_shim(abi, Abi::Rust, link_name, args)?;
447 let size = this.read_scalar(size)?.to_machine_usize(this)?;
448 let align = this.read_scalar(align)?.to_machine_usize(this)?;
450 return this.emulate_allocator(Symbol::intern("__rg_alloc_zeroed"), |this| {
451 Self::check_alloc_request(size, align)?;
453 let ptr = this.allocate_ptr(
454 Size::from_bytes(size),
455 Align::from_bytes(align).unwrap(),
456 MiriMemoryKind::Rust.into(),
459 // We just allocated this, the access is definitely in-bounds.
460 this.write_bytes_ptr(ptr.into(), iter::repeat(0u8).take(usize::try_from(size).unwrap())).unwrap();
461 this.write_pointer(ptr, dest)
464 "__rust_dealloc" => {
465 let [ptr, old_size, align] = this.check_shim(abi, Abi::Rust, link_name, args)?;
466 let ptr = this.read_pointer(ptr)?;
467 let old_size = this.read_scalar(old_size)?.to_machine_usize(this)?;
468 let align = this.read_scalar(align)?.to_machine_usize(this)?;
470 return this.emulate_allocator(Symbol::intern("__rg_dealloc"), |this| {
471 // No need to check old_size/align; we anyway check that they match the allocation.
474 Some((Size::from_bytes(old_size), Align::from_bytes(align).unwrap())),
475 MiriMemoryKind::Rust.into(),
479 "__rust_realloc" => {
480 let [ptr, old_size, align, new_size] = this.check_shim(abi, Abi::Rust, link_name, args)?;
481 let ptr = this.read_pointer(ptr)?;
482 let old_size = this.read_scalar(old_size)?.to_machine_usize(this)?;
483 let align = this.read_scalar(align)?.to_machine_usize(this)?;
484 let new_size = this.read_scalar(new_size)?.to_machine_usize(this)?;
485 // No need to check old_size; we anyway check that they match the allocation.
487 return this.emulate_allocator(Symbol::intern("__rg_realloc"), |this| {
488 Self::check_alloc_request(new_size, align)?;
490 let align = Align::from_bytes(align).unwrap();
491 let new_ptr = this.reallocate_ptr(
493 Some((Size::from_bytes(old_size), align)),
494 Size::from_bytes(new_size),
496 MiriMemoryKind::Rust.into(),
498 this.write_pointer(new_ptr, dest)
502 // C memory handling functions
504 let [left, right, n] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
505 let left = this.read_pointer(left)?;
506 let right = this.read_pointer(right)?;
507 let n = Size::from_bytes(this.read_scalar(n)?.to_machine_usize(this)?);
510 let left_bytes = this.read_bytes_ptr(left, n)?;
511 let right_bytes = this.read_bytes_ptr(right, n)?;
513 use std::cmp::Ordering::*;
514 match left_bytes.cmp(right_bytes) {
521 this.write_scalar(Scalar::from_i32(result), dest)?;
524 let [ptr, val, num] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
525 let ptr = this.read_pointer(ptr)?;
526 let val = this.read_scalar(val)?.to_i32()? as u8;
527 let num = this.read_scalar(num)?.to_machine_usize(this)?;
528 if let Some(idx) = this
529 .read_bytes_ptr(ptr, Size::from_bytes(num))?
532 .position(|&c| c == val)
534 let new_ptr = ptr.offset(Size::from_bytes(num - idx as u64 - 1), this)?;
535 this.write_pointer(new_ptr, dest)?;
537 this.write_null(dest)?;
541 let [ptr, val, num] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
542 let ptr = this.read_pointer(ptr)?;
543 let val = this.read_scalar(val)?.to_i32()? as u8;
544 let num = this.read_scalar(num)?.to_machine_usize(this)?;
546 .read_bytes_ptr(ptr, Size::from_bytes(num))?
548 .position(|&c| c == val);
549 if let Some(idx) = idx {
550 let new_ptr = ptr.offset(Size::from_bytes(idx as u64), this)?;
551 this.write_pointer(new_ptr, dest)?;
553 this.write_null(dest)?;
557 let [ptr] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
558 let ptr = this.read_pointer(ptr)?;
559 let n = this.read_c_str(ptr)?.len();
560 this.write_scalar(Scalar::from_machine_usize(u64::try_from(n).unwrap(), this), dest)?;
573 let [f] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
574 // FIXME: Using host floats.
575 let f = f32::from_bits(this.read_scalar(f)?.to_u32()?);
576 let f = match link_name.as_str() {
586 this.write_scalar(Scalar::from_u32(f.to_bits()), dest)?;
593 let [f1, f2] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
594 // underscore case for windows, here and below
595 // (see https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/floating-point-primitives?view=vs-2019)
596 // FIXME: Using host floats.
597 let f1 = f32::from_bits(this.read_scalar(f1)?.to_u32()?);
598 let f2 = f32::from_bits(this.read_scalar(f2)?.to_u32()?);
599 let n = match link_name.as_str() {
600 "_hypotf" | "hypotf" => f1.hypot(f2),
601 "atan2f" => f1.atan2(f2),
604 this.write_scalar(Scalar::from_u32(n.to_bits()), dest)?;
615 let [f] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
616 // FIXME: Using host floats.
617 let f = f64::from_bits(this.read_scalar(f)?.to_u64()?);
618 let f = match link_name.as_str() {
628 this.write_scalar(Scalar::from_u64(f.to_bits()), dest)?;
635 let [f1, f2] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
636 // FIXME: Using host floats.
637 let f1 = f64::from_bits(this.read_scalar(f1)?.to_u64()?);
638 let f2 = f64::from_bits(this.read_scalar(f2)?.to_u64()?);
639 let n = match link_name.as_str() {
640 "_hypot" | "hypot" => f1.hypot(f2),
641 "atan2" => f1.atan2(f2),
644 this.write_scalar(Scalar::from_u64(n.to_bits()), dest)?;
651 let [x, exp] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
652 // For radix-2 (binary) systems, `ldexp` and `scalbn` are the same.
653 let x = this.read_scalar(x)?.to_f64()?;
654 let exp = this.read_scalar(exp)?.to_i32()?;
656 // Saturating cast to i16. Even those are outside the valid exponent range to
657 // `scalbn` below will do its over/underflow handling.
658 let exp = if exp > i32::from(i16::MAX) {
660 } else if exp < i32::from(i16::MIN) {
663 exp.try_into().unwrap()
666 let res = x.scalbn(exp);
667 this.write_scalar(Scalar::from_f64(res), dest)?;
670 // Architecture-specific shims
671 "llvm.x86.addcarry.64" if this.tcx.sess.target.arch == "x86_64" => {
672 // Computes u8+u64+u64, returning tuple (u8,u64) comprising the output carry and truncated sum.
673 let [c_in, a, b] = this.check_shim(abi, Abi::Unadjusted, link_name, args)?;
674 let c_in = this.read_scalar(c_in)?.to_u8()?;
675 let a = this.read_scalar(a)?.to_u64()?;
676 let b = this.read_scalar(b)?.to_u64()?;
678 let wide_sum = u128::from(c_in) + u128::from(a) + u128::from(b);
679 let (c_out, sum) = ((wide_sum >> 64).truncate::<u8>(), wide_sum.truncate::<u64>());
681 let c_out_field = this.place_field(dest, 0)?;
682 this.write_scalar(Scalar::from_u8(c_out), &c_out_field)?;
683 let sum_field = this.place_field(dest, 1)?;
684 this.write_scalar(Scalar::from_u64(sum), &sum_field)?;
686 "llvm.x86.sse2.pause" if this.tcx.sess.target.arch == "x86" || this.tcx.sess.target.arch == "x86_64" => {
687 let [] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
688 this.yield_active_thread();
690 "llvm.aarch64.isb" if this.tcx.sess.target.arch == "aarch64" => {
691 let [arg] = this.check_shim(abi, Abi::Unadjusted, link_name, args)?;
692 let arg = this.read_scalar(arg)?.to_i32()?;
694 15 => { // SY ("full system scope")
695 this.yield_active_thread();
698 throw_unsup_format!("unsupported llvm.aarch64.isb argument {}", arg);
703 // Platform-specific shims
704 _ => match this.tcx.sess.target.os.as_ref() {
705 target if target_os_is_unix(target) => return shims::unix::foreign_items::EvalContextExt::emulate_foreign_item_by_name(this, link_name, abi, args, dest, ret),
706 "windows" => return shims::windows::foreign_items::EvalContextExt::emulate_foreign_item_by_name(this, link_name, abi, args, dest, ret),
707 target => throw_unsup_format!("the target `{}` is not supported", target),
711 // We only fall through to here if we did *not* hit the `_` arm above,
712 // i.e., if we actually emulated the function.
713 Ok(EmulateByNameResult::NeedsJumping)
716 /// Check some basic requirements for this allocation request:
717 /// non-zero size, power-of-two alignment.
718 fn check_alloc_request(size: u64, align: u64) -> InterpResult<'tcx> {
720 throw_ub_format!("creating allocation with size 0");
722 if !align.is_power_of_two() {
723 throw_ub_format!("creating allocation with non-power-of-two alignment {}", align);