2 convert::{TryFrom, TryInto},
8 use rustc_apfloat::Float;
9 use rustc_ast::expand::allocator::AllocatorKind;
12 def_id::{CrateNum, DefId, LOCAL_CRATE},
14 use rustc_middle::middle::{
15 codegen_fn_attrs::CodegenFnAttrFlags, dependency_format::Linkage,
16 exported_symbols::ExportedSymbol,
18 use rustc_middle::mir;
20 use rustc_session::config::CrateType;
21 use rustc_span::{symbol::sym, Symbol};
27 use super::backtrace::EvalContextExt as _;
30 /// Returned by `emulate_foreign_item_by_name` (and by `emulate_allocator`) to tell the caller
/// what is left to do for the call.
///
/// Judging by how `emulate_foreign_item` matches on this type, the doc comments below belong,
/// in order, to the variants `NeedsJumping`, `AlreadyJumped`, `MirBody` and `NotSupported`.
31 pub enum EmulateByNameResult<'mir, 'tcx> {
32 /// The caller is expected to jump to the return block.
34 /// Jumping has already been taken care of.
36 /// A MIR body has been found for the function
37 MirBody(&'mir mir::Body<'tcx>),
38 /// The item is not supported.
// Empty impl: the methods come from the bodies provided in the trait itself, so this line is
// what makes them callable on the Miri interpreter context.
42 impl<'mir, 'tcx: 'mir> EvalContextExt<'mir, 'tcx> for crate::MiriEvalContext<'mir, 'tcx> {}
43 pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx> {
44 /// Returns the minimum alignment for the target architecture for allocations of the given size.
///
/// The per-architecture value (8 or 16 bytes) is returned for `MiriMemoryKind::WinHeap` and for
/// any `size` of at least that value. A smaller `size` is rounded down to a power of two and
/// that value is returned instead.
45 fn min_align(&self, size: u64, kind: MiriMemoryKind) -> Align {
46 let this = self.eval_context_ref();
47 // List taken from `libstd/sys_common/alloc.rs`.
48 let min_align = match this.tcx.sess.target.arch.as_str() {
49 "x86" | "arm" | "mips" | "powerpc" | "powerpc64" | "asmjs" | "wasm32" => 8,
50 "x86_64" | "aarch64" | "mips64" | "s390x" | "sparc64" => 16,
// An architecture missing from the two lists goes through `bug!`, i.e. it is reported as a
// defect of the interpreter and not as an error of the interpreted program.
51 arch => bug!("Unsupported target architecture: {}", arch),
53 // Windows always aligns, even small allocations.
54 // Source: <https://support.microsoft.com/en-us/help/286470/how-to-use-pageheap-exe-in-windows-xp-windows-2000-and-windows-server>
55 // But jemalloc does not, so for the C heap we only align if the allocation is sufficiently big.
56 if kind == MiriMemoryKind::WinHeap || size >= min_align {
// `min_align` is 8 or 16 at this point.
57 return Align::from_bytes(min_align).unwrap();
59 // We have `size < min_align`. Round `size` *down* to the previous power of two (or keep it if it already is one) and use that.
60 fn prev_power_of_two(x: u64) -> u64 {
// `next_power_of_two` gives the smallest power of two that is >= `x`.
61 let next_pow2 = x.next_power_of_two();
63 // x *is* a power of two, just use that.
66 // x is between two powers, so next = 2*prev.
70 Align::from_bytes(prev_power_of_two(size)).unwrap()
// Visible part of the C-heap allocation helper, which the shims further down call as
// `this.malloc(size, zero_init, kind)`. Only the lines shown here are described.
78 ) -> InterpResult<'tcx, Pointer<Option<Tag>>> {
79 let this = self.eval_context_mut();
// The alignment is not supplied by the caller: it is derived from the size and the heap kind.
83 let align = this.min_align(size, kind);
84 let ptr = this.memory.allocate(Size::from_bytes(size), align, kind.into())?;
86 // We just allocated this, the access is definitely in-bounds.
// NOTE(review): `size as usize` truncates silently when the `u64` size requested by the
// interpreted program does not fit the host `usize`, which would zero-fill only part of the
// block. The `__rust_alloc_zeroed` shim spells the same conversion as
// `usize::try_from(size).unwrap()`, which fails loudly instead - consider using it here too.
87 this.memory.write_bytes(ptr.into(), iter::repeat(0u8).take(size as usize)).unwrap();
/// Releases a block of the given heap `kind`. Deallocation is only attempted for a non-null
/// `ptr`; errors from the null test and from the deallocation are propagated with `?`.
93 fn free(&mut self, ptr: Pointer<Option<Tag>>, kind: MiriMemoryKind) -> InterpResult<'tcx> {
94 let this = self.eval_context_mut();
// A null pointer is not passed on to `deallocate`.
95 if !this.ptr_is_null(ptr)? {
// `None` here, where `__rust_dealloc` passes `Some((size, align))`: presumably no expected
// size and alignment are available to compare against for the C heap - confirm.
96 this.memory.deallocate(ptr, None, kind.into())?;
// Visible part of the C-heap reallocation helper, which the shim further down calls as
// `this.realloc(old_ptr, new_size, MiriMemoryKind::C)`. Three memory operations appear in it:
// a fresh `allocate`, a `deallocate` of the old block and a `reallocate`.
103 old_ptr: Pointer<Option<Tag>>,
105 kind: MiriMemoryKind,
106 ) -> InterpResult<'tcx, Pointer<Option<Tag>>> {
107 let this = self.eval_context_mut();
// As in `malloc`, the alignment follows from the requested size and the heap kind.
108 let new_align = this.min_align(new_size, kind);
// A null `old_ptr` is tested first; the `allocate` call below is presumably the branch taken
// for it.
109 if this.ptr_is_null(old_ptr)? {
114 this.memory.allocate(Size::from_bytes(new_size), new_align, kind.into())?;
// NOTE(review): the conditions that choose between `deallocate` and `reallocate` are not part
// of this listing - confirm against the full source before relying on either path.
119 this.memory.deallocate(old_ptr, None, kind.into())?;
122 let new_ptr = this.memory.reallocate(
125 Size::from_bytes(new_size),
134 /// Lookup the body of a function that has `link_name` as the symbol name.
///
/// The local crate and the linked dependencies are searched for an item whose explicit symbol
/// name equals `link_name`. The outcome is stored in `exported_symbols_cache`. Two items with
/// the same symbol name stop execution with `MultipleSymbolDefinitions`, and a match that is
/// not a function is rejected.
135 fn lookup_exported_symbol(
138 ) -> InterpResult<'tcx, Option<&'mir mir::Body<'tcx>>> {
139 let this = self.eval_context_mut();
140 let tcx = this.tcx.tcx;
142 // If the result was cached, just return it.
// The cached value is itself an `Option`, so a lookup that found nothing is remembered too.
143 if let Some(instance) = this.machine.exported_symbols_cache.get(&link_name) {
144 return instance.map(|instance| this.load_mir(instance.def, None)).transpose();
147 // Find it if it was not cached.
148 let mut instance_and_crate: Option<(ty::Instance<'_>, CrateNum)> = None;
149 // `dependency_formats` includes all the transitive information needed to link a crate,
150 // which is what we need here since we need to dig out `exported_symbols` from all transitive
152 let dependency_formats = tcx.dependency_formats(());
153 let dependency_format = dependency_formats
// The crate list is taken from the entry for `CrateType::Executable`; a missing entry is
// treated as an internal error (`expect`).
155 .find(|(crate_type, _)| *crate_type == CrateType::Executable)
156 .expect("interpreting a non-executable crate");
// Search order: the local crate first, then every dependency whose linkage is not `NotLinked`.
158 iter::once(LOCAL_CRATE).chain(dependency_format.1.iter().enumerate().filter_map(
159 |(num, &linkage)| (linkage != Linkage::NotLinked).then_some(CrateNum::new(num + 1)),
162 // We can ignore `_export_level` here: we are a Rust crate, and everything is exported
163 // from a Rust crate.
164 for &(symbol, _export_level) in tcx.exported_symbols(cnum) {
165 if let ExportedSymbol::NonGeneric(def_id) = symbol {
166 let attrs = tcx.codegen_fn_attrs(def_id);
// Only an explicit symbol name takes part in the comparison: `export_name` if it is set,
// otherwise the item name when the `NO_MANGLE` flag is present.
167 let symbol_name = if let Some(export_name) = attrs.export_name {
169 } else if attrs.flags.contains(CodegenFnAttrFlags::NO_MANGLE) {
170 tcx.item_name(def_id)
172 // Skip over items without an explicitly defined symbol name.
175 if symbol_name == link_name {
// A second item with the same symbol name stops execution instead of one of the two
// definitions being chosen.
176 if let Some((original_instance, original_cnum)) = instance_and_crate {
177 // Make sure we are consistent wrt what is 'first' and 'second'.
178 let original_span = tcx.def_span(original_instance.def_id()).data();
179 let span = tcx.def_span(def_id).data();
180 if original_span < span {
181 throw_machine_stop!(TerminationInfo::MultipleSymbolDefinitions {
183 first: original_span,
184 first_crate: tcx.crate_name(original_cnum),
186 second_crate: tcx.crate_name(cnum),
189 throw_machine_stop!(TerminationInfo::MultipleSymbolDefinitions {
192 first_crate: tcx.crate_name(cnum),
193 second: original_span,
194 second_crate: tcx.crate_name(original_cnum),
// The match has to be a free or associated function; any other kind of item is rejected
// before it could be called.
198 if !matches!(tcx.def_kind(def_id), DefKind::Fn | DefKind::AssocFn) {
200 "attempt to call an exported symbol that is not defined as a function"
203 instance_and_crate = Some((ty::Instance::mono(tcx, def_id), cnum));
209 let instance = instance_and_crate.map(|ic| ic.0);
210 // Cache it and load its MIR, if found.
// A cache hit returned early above, so the key is expected to be absent when `try_insert`
// runs; the `unwrap` encodes that expectation.
211 this.machine.exported_symbols_cache.try_insert(link_name, instance).unwrap();
212 instance.map(|instance| this.load_mir(instance.def, None)).transpose()
215 /// Emulates calling a foreign item, failing if the item is not supported.
216 /// This function will handle `goto_block` if needed.
217 /// Returns Ok(None) if the foreign item was completely handled
218 /// by this function.
219 /// Returns Ok(Some(body)) if processing the foreign item
220 /// is delegated to another function.
///
/// The name used for dispatch is the value of the `link_name` attribute if there is one,
/// otherwise the item name. A name without a shim is looked up among the exported symbols
/// before it is reported as unsupported.
221 fn emulate_foreign_item(
225 args: &[OpTy<'tcx, Tag>],
226 ret: Option<(&PlaceTy<'tcx, Tag>, mir::BasicBlock)>,
227 unwind: StackPopUnwind,
228 ) -> InterpResult<'tcx, Option<&'mir mir::Body<'tcx>>> {
229 let this = self.eval_context_mut();
230 let attrs = this.tcx.get_attrs(def_id);
234 .first_attr_value_str_by_name(&attrs, sym::link_name)
235 .unwrap_or_else(|| this.tcx.item_name(def_id));
236 let tcx = this.tcx.tcx;
238 // First: functions that diverge.
// The inner match on the link name presumably serves calls that have no return place; the
// arm that introduces it is not part of this listing.
239 let (dest, ret) = match ret {
241 match &*link_name.as_str() {
242 "miri_start_panic" => {
243 // `check_shim` happens inside `handle_miri_start_panic`.
244 this.handle_miri_start_panic(abi, link_name, args, unwind)?;
247 // This matches calls to the foreign item `panic_impl`.
248 // The implementation is provided by the function with the `#[panic_handler]` attribute.
250 // We don't use `check_shim` here because we are just forwarding to the lang
251 // item. Argument count checking will be performed when the returned `Body` is
253 this.check_abi_and_shim_symbol_clash(abi, Abi::Rust, link_name)?;
254 let panic_impl_id = tcx.lang_items().panic_impl().unwrap();
255 let panic_impl_instance = ty::Instance::mono(tcx, panic_impl_id);
256 return Ok(Some(&*this.load_mir(panic_impl_instance.def, None)?));
// The expected ABI depends on which exit function was called: C for `exit`, System otherwise.
262 let exp_abi = if link_name.as_str() == "exit" {
263 Abi::C { unwind: false }
265 Abi::System { unwind: false }
// `check_shim` is given the expected ABI, and the one-element pattern fixes the number of
// arguments the shim accepts, before the exit code is read.
267 let &[ref code] = this.check_shim(abi, exp_abi, link_name, args)?;
268 // it's really u32 for ExitProcess, but we have to put it into the `Exit` variant anyway
269 let code = this.read_scalar(code)?.to_i32()?;
270 throw_machine_stop!(TerminationInfo::Exit(code.into()));
274 this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
275 throw_machine_stop!(TerminationInfo::Abort(
276 "the program aborted execution".to_owned()
// Before giving up, look for a function that the program itself exports under this name.
280 if let Some(body) = this.lookup_exported_symbol(link_name)? {
281 return Ok(Some(body));
283 this.handle_unsupported(format!(
284 "can't call (diverging) foreign function: {}",
293 // Second: functions that return.
294 match this.emulate_foreign_item_by_name(link_name, abi, args, dest, ret)? {
// The shim wrote its result but left control flow to this function.
295 EmulateByNameResult::NeedsJumping => {
296 trace!("{:?}", this.dump_place(**dest));
297 this.go_to_block(ret);
299 EmulateByNameResult::AlreadyJumped => (),
300 EmulateByNameResult::MirBody(mir) => return Ok(Some(mir)),
301 EmulateByNameResult::NotSupported => {
// Same fallback as in the diverging case: an exported symbol of that name is tried first.
302 if let Some(body) = this.lookup_exported_symbol(link_name)? {
303 return Ok(Some(body));
306 this.handle_unsupported(format!("can't call foreign function: {}", link_name))?;
314 /// Emulates calling the internal __rust_* allocator functions
///
/// The result depends on `tcx.allocator_kind(())`: without an allocator the call is reported
/// as `NotSupported`; with `AllocatorKind::Global` the MIR body of the exported `symbol` is
/// returned; with `AllocatorKind::Default` the caller is told to jump (`NeedsJumping`),
/// presumably after `default` has run - the line that would call it is not part of this listing.
315 fn emulate_allocator(
318 default: impl FnOnce(&mut MiriEvalContext<'mir, 'tcx>) -> InterpResult<'tcx>,
319 ) -> InterpResult<'tcx, EmulateByNameResult<'mir, 'tcx>> {
320 let this = self.eval_context_mut();
322 let allocator_kind = if let Some(allocator_kind) = this.tcx.allocator_kind(()) {
325 // in real code, this symbol does not exist without an allocator
326 return Ok(EmulateByNameResult::NotSupported);
329 match allocator_kind {
330 AllocatorKind::Global => {
// A missing symbol is treated as an internal error (`expect`), not as an error of the
// interpreted program.
332 .lookup_exported_symbol(symbol)?
333 .expect("symbol should be present if there is a global allocator");
335 Ok(EmulateByNameResult::MirBody(body))
337 AllocatorKind::Default => {
339 Ok(EmulateByNameResult::NeedsJumping)
344 /// Emulates calling a foreign item using its name.
///
/// The shims shown here read their arguments only after `check_shim` has run (directly, or
/// inside a `handle_*` helper as the inline comments note). A name without a shim in this
/// function is passed on to the POSIX or Windows submodule according to the target OS.
/// Several arm headers are not part of this listing; the notes below describe only what the
/// visible lines do.
345 fn emulate_foreign_item_by_name(
349 args: &[OpTy<'tcx, Tag>],
350 dest: &PlaceTy<'tcx, Tag>,
351 ret: mir::BasicBlock,
352 ) -> InterpResult<'tcx, EmulateByNameResult<'mir, 'tcx>> {
353 let this = self.eval_context_mut();
355 // Here we dispatch all the shims for foreign functions. If you have a platform specific
356 // shim, add it to the corresponding submodule.
357 match &*link_name.as_str() {
358 // Miri-specific extern functions
359 "miri_static_root" => {
360 let &[ref ptr] = this.check_shim(abi, Abi::Rust, link_name, args)?;
361 let ptr = this.read_pointer(ptr)?;
362 let (alloc_id, offset, _) = this.memory.ptr_get_alloc(ptr)?;
// Only a pointer to the start of an allocation is accepted as a static root.
363 if offset != Size::ZERO {
364 throw_unsup_format!("pointer passed to miri_static_root must point to beginning of an allocated block");
366 this.machine.static_roots.push(alloc_id);
369 // Obtains a Miri backtrace. See the README for details.
370 "miri_get_backtrace" => {
371 // `check_shim` happens inside `handle_miri_get_backtrace`.
372 this.handle_miri_get_backtrace(abi, link_name, args, dest)?;
375 // Resolves a Miri backtrace frame. See the README for details.
376 "miri_resolve_frame" => {
377 // `check_shim` happens inside `handle_miri_resolve_frame`.
378 this.handle_miri_resolve_frame(abi, link_name, args, dest)?;
382 // Standard C allocation
// Plain allocation: one size argument, no zero-initialisation.
384 let &[ref size] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
385 let size = this.read_scalar(size)?.to_machine_usize(this)?;
386 let res = this.malloc(size, /*zero_init:*/ false, MiriMemoryKind::C)?;
387 this.write_pointer(res, dest)?;
390 let &[ref items, ref len] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
391 let items = this.read_scalar(items)?.to_machine_usize(this)?;
392 let len = this.read_scalar(len)?.to_machine_usize(this)?;
// Both factors come from the interpreted program. `checked_mul` turns a product that would
// wrap into a reported UB error instead of an allocation smaller than the caller expects.
394 items.checked_mul(len).ok_or_else(|| err_ub_format!("overflow during calloc size computation"))?;
395 let res = this.malloc(size, /*zero_init:*/ true, MiriMemoryKind::C)?;
396 this.write_pointer(res, dest)?;
399 let &[ref ptr] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
400 let ptr = this.read_pointer(ptr)?;
401 this.free(ptr, MiriMemoryKind::C)?;
404 let &[ref old_ptr, ref new_size] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
405 let old_ptr = this.read_pointer(old_ptr)?;
406 let new_size = this.read_scalar(new_size)?.to_machine_usize(this)?;
407 let res = this.realloc(old_ptr, new_size, MiriMemoryKind::C)?;
408 this.write_pointer(res, dest)?;
413 let &[ref size, ref align] = this.check_shim(abi, Abi::Rust, link_name, args)?;
414 let size = this.read_scalar(size)?.to_machine_usize(this)?;
415 let align = this.read_scalar(align)?.to_machine_usize(this)?;
417 return this.emulate_allocator(Symbol::intern("__rg_alloc"), |this| {
// Size and alignment are validated before `Align::from_bytes(..).unwrap()` is reached.
// NOTE(review): `check_alloc_request` is documented as testing for zero size and for a
// non-power-of-two alignment. If `Align::from_bytes` can also reject a power of two (for
// example one above its maximum), the `unwrap` below would panic the interpreter on such a
// program-supplied value instead of reporting an error - confirm. The same applies to the
// `__rust_alloc_zeroed` and `__rust_realloc` arms.
418 Self::check_alloc_request(size, align)?;
420 let ptr = this.memory.allocate(
421 Size::from_bytes(size),
422 Align::from_bytes(align).unwrap(),
423 MiriMemoryKind::Rust.into(),
426 this.write_pointer(ptr, dest)
429 "__rust_alloc_zeroed" => {
430 let &[ref size, ref align] = this.check_shim(abi, Abi::Rust, link_name, args)?;
431 let size = this.read_scalar(size)?.to_machine_usize(this)?;
432 let align = this.read_scalar(align)?.to_machine_usize(this)?;
434 return this.emulate_allocator(Symbol::intern("__rg_alloc_zeroed"), |this| {
435 Self::check_alloc_request(size, align)?;
437 let ptr = this.memory.allocate(
438 Size::from_bytes(size),
439 Align::from_bytes(align).unwrap(),
440 MiriMemoryKind::Rust.into(),
443 // We just allocated this, the access is definitely in-bounds.
// The size is converted with `usize::try_from(..).unwrap()`, so a value that does not fit
// the host `usize` fails loudly instead of being truncated.
444 this.memory.write_bytes(ptr.into(), iter::repeat(0u8).take(usize::try_from(size).unwrap())).unwrap();
445 this.write_pointer(ptr, dest)
448 "__rust_dealloc" => {
449 let &[ref ptr, ref old_size, ref align] = this.check_shim(abi, Abi::Rust, link_name, args)?;
450 let ptr = this.read_pointer(ptr)?;
451 let old_size = this.read_scalar(old_size)?.to_machine_usize(this)?;
452 let align = this.read_scalar(align)?.to_machine_usize(this)?;
454 return this.emulate_allocator(Symbol::intern("__rg_dealloc"), |this| {
455 // No need to check old_size/align; we anyway check that they match the allocation.
// NOTE(review): no `check_alloc_request` precedes `Align::from_bytes(align).unwrap()` in this
// arm, so a program-supplied `align` that `Align::from_bytes` rejects would presumably panic
// the interpreter before the comparison with the allocation takes place - confirm.
456 this.memory.deallocate(
458 Some((Size::from_bytes(old_size), Align::from_bytes(align).unwrap())),
459 MiriMemoryKind::Rust.into(),
463 "__rust_realloc" => {
464 let &[ref ptr, ref old_size, ref align, ref new_size] = this.check_shim(abi, Abi::Rust, link_name, args)?;
465 let ptr = this.read_pointer(ptr)?;
466 let old_size = this.read_scalar(old_size)?.to_machine_usize(this)?;
467 let align = this.read_scalar(align)?.to_machine_usize(this)?;
468 let new_size = this.read_scalar(new_size)?.to_machine_usize(this)?;
469 // No need to check old_size; we anyway check that they match the allocation.
471 return this.emulate_allocator(Symbol::intern("__rg_realloc"), |this| {
// The new size and the alignment are validated before the alignment is unwrapped.
472 Self::check_alloc_request(new_size, align)?;
474 let align = Align::from_bytes(align).unwrap();
475 let new_ptr = this.memory.reallocate(
477 Some((Size::from_bytes(old_size), align)),
478 Size::from_bytes(new_size),
480 MiriMemoryKind::Rust.into(),
482 this.write_pointer(new_ptr, dest)
486 // C memory handling functions
488 let &[ref left, ref right, ref n] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
489 let left = this.read_pointer(left)?;
490 let right = this.read_pointer(right)?;
491 let n = Size::from_bytes(this.read_scalar(n)?.to_machine_usize(this)?);
// Both `n`-byte ranges are read through the interpreter memory (each read can fail with `?`)
// before any byte is compared.
494 let left_bytes = this.memory.read_bytes(left, n)?;
495 let right_bytes = this.memory.read_bytes(right, n)?;
497 use std::cmp::Ordering::*;
498 match left_bytes.cmp(right_bytes) {
505 this.write_scalar(Scalar::from_i32(result), dest)?;
508 let &[ref ptr, ref val, ref num] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
509 let ptr = this.read_pointer(ptr)?;
// The 32-bit argument is narrowed to a byte with `as u8`, which keeps only the low 8 bits.
510 let val = this.read_scalar(val)?.to_i32()? as u8;
511 let num = this.read_scalar(num)?.to_machine_usize(this)?;
512 if let Some(idx) = this
514 .read_bytes(ptr, Size::from_bytes(num))?
517 .position(|&c| c == val)
// `idx` is subtracted from `num - 1`, i.e. it is treated as counted from the end of the
// range; presumably the search runs in reverse (those lines are not part of this listing).
519 let new_ptr = ptr.offset(Size::from_bytes(num - idx as u64 - 1), this)?;
520 this.write_pointer(new_ptr, dest)?;
522 this.write_null(dest)?;
526 let &[ref ptr, ref val, ref num] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
527 let ptr = this.read_pointer(ptr)?;
528 let val = this.read_scalar(val)?.to_i32()? as u8;
529 let num = this.read_scalar(num)?.to_machine_usize(this)?;
532 .read_bytes(ptr, Size::from_bytes(num))?
534 .position(|&c| c == val);
// A hit yields a pointer `idx` bytes past `ptr`; a miss yields null.
535 if let Some(idx) = idx {
536 let new_ptr = ptr.offset(Size::from_bytes(idx as u64), this)?;
537 this.write_pointer(new_ptr, dest)?;
539 this.write_null(dest)?;
543 let &[ref ptr] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
544 let ptr = this.read_pointer(ptr)?;
// The result is the length of the C string read from `ptr`; the read itself can fail (`?`).
545 let n = this.read_c_str(ptr)?.len();
546 this.write_scalar(Scalar::from_machine_usize(u64::try_from(n).unwrap(), this), dest)?;
559 let &[ref f] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
560 // FIXME: Using host floats.
// That is, the bits are reinterpreted as a Rust `f32` and the operation is evaluated by the
// machine running the interpreter.
561 let f = f32::from_bits(this.read_scalar(f)?.to_u32()?);
562 let f = match &*link_name.as_str() {
572 this.write_scalar(Scalar::from_u32(f.to_bits()), dest)?;
579 let &[ref f1, ref f2] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
580 // underscore case for windows, here and below
581 // (see https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/floating-point-primitives?view=vs-2019)
582 // FIXME: Using host floats.
583 let f1 = f32::from_bits(this.read_scalar(f1)?.to_u32()?);
584 let f2 = f32::from_bits(this.read_scalar(f2)?.to_u32()?);
585 let n = match &*link_name.as_str() {
586 "_hypotf" | "hypotf" => f1.hypot(f2),
587 "atan2f" => f1.atan2(f2),
590 this.write_scalar(Scalar::from_u32(n.to_bits()), dest)?;
601 let &[ref f] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
602 // FIXME: Using host floats.
603 let f = f64::from_bits(this.read_scalar(f)?.to_u64()?);
604 let f = match &*link_name.as_str() {
614 this.write_scalar(Scalar::from_u64(f.to_bits()), dest)?;
621 let &[ref f1, ref f2] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
622 // FIXME: Using host floats.
623 let f1 = f64::from_bits(this.read_scalar(f1)?.to_u64()?);
624 let f2 = f64::from_bits(this.read_scalar(f2)?.to_u64()?);
625 let n = match &*link_name.as_str() {
626 "_hypot" | "hypot" => f1.hypot(f2),
627 "atan2" => f1.atan2(f2),
630 this.write_scalar(Scalar::from_u64(n.to_bits()), dest)?;
637 let &[ref x, ref exp] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
638 // For radix-2 (binary) systems, `ldexp` and `scalbn` are the same.
639 let x = this.read_scalar(x)?.to_f64()?;
640 let exp = this.read_scalar(exp)?.to_i32()?;
642 // Saturating cast to i16. Even those are outside the valid exponent range, so
643 // `scalbn` below will do its over/underflow handling.
644 let exp = if exp > i32::from(i16::MAX) {
646 } else if exp < i32::from(i16::MIN) {
// In range at this point, so the conversion cannot fail.
649 exp.try_into().unwrap()
652 let res = x.scalbn(exp);
653 this.write_scalar(Scalar::from_f64(res), dest)?;
656 // Architecture-specific shims
// The arm guards restrict each LLVM intrinsic name to the architectures it belongs to.
657 "llvm.x86.sse2.pause" if this.tcx.sess.target.arch == "x86" || this.tcx.sess.target.arch == "x86_64" => {
658 let &[] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
659 this.yield_active_thread();
661 "llvm.aarch64.isb" if this.tcx.sess.target.arch == "aarch64" => {
662 let &[ref arg] = this.check_shim(abi, Abi::Unadjusted, link_name, args)?;
663 let arg = this.read_scalar(arg)?.to_i32()?;
// Only the argument value 15 is emulated; other values end in the unsupported error below.
665 15 => { // SY ("full system scope")
666 this.yield_active_thread();
669 throw_unsup_format!("unsupported llvm.aarch64.isb argument {}", arg);
674 // Platform-specific shims
// Everything not matched above is handed to the shim set of the target OS; a target OS
// other than the three named here is reported as unsupported.
675 _ => match this.tcx.sess.target.os.as_str() {
676 "linux" | "macos" => return shims::posix::foreign_items::EvalContextExt::emulate_foreign_item_by_name(this, link_name, abi, args, dest, ret),
677 "windows" => return shims::windows::foreign_items::EvalContextExt::emulate_foreign_item_by_name(this, link_name, abi, args, dest, ret),
678 target => throw_unsup_format!("the target `{}` is not supported", target),
682 // We only fall through to here if we did *not* hit the `_` arm above,
683 // i.e., if we actually emulated the function.
684 Ok(EmulateByNameResult::NeedsJumping)
687 /// Check some basic requirements for this allocation request:
688 /// non-zero size, power-of-two alignment.
689 fn check_alloc_request(size: u64, align: u64) -> InterpResult<'tcx> {
691 throw_ub_format!("creating allocation with size 0");
693 if !align.is_power_of_two() {
694 throw_ub_format!("creating allocation with non-power-of-two alignment {}", align);