--- /dev/null
+#[allow(deref_nullptr)]
+fn main() {
+ let x: i32 = unsafe { *std::ptr::null() }; //~ ERROR null pointer is not a valid pointer
+ panic!("this should never print: {}", x);
+}
--- /dev/null
+// Some optimizations remove ZST accesses, thus masking this UB.
+// compile-flags: -Zmir-opt-level=0
+
+#[allow(deref_nullptr)]
+fn main() {
+ let x: () = unsafe { *std::ptr::null() }; //~ ERROR dereferencing pointer failed: null pointer is not a valid pointer
+ panic!("this should never print: {:?}", x);
+}
--- /dev/null
+#[allow(deref_nullptr)]
+fn main() {
+ unsafe { *std::ptr::null_mut() = 0i32 }; //~ ERROR null pointer is not a valid pointer
+}
--- /dev/null
+// Some optimizations remove ZST accesses, thus masking this UB.
+// compile-flags: -Zmir-opt-level=0
+// error-pattern: memory access failed: null pointer is not a valid pointer
+
+#[allow(deref_nullptr)]
+fn main() {
+ // Not using the () type here, as writes of that type do not even have MIR generated.
+ // Also not assigning directly as that's array initialization, not assignment.
+ let zst_val = [1u8; 0];
+ unsafe { std::ptr::null_mut::<[u8; 0]>().write(zst_val) };
+}
+++ /dev/null
-#[allow(deref_nullptr)]
-fn main() {
- let x: i32 = unsafe { *std::ptr::null() }; //~ ERROR null pointer is not a valid pointer
- panic!("this should never print: {}", x);
-}
+++ /dev/null
-// Some optimizations remove ZST accesses, thus masking this UB.
-// compile-flags: -Zmir-opt-level=0
-
-#[allow(deref_nullptr)]
-fn main() {
- let x: () = unsafe { *std::ptr::null() }; //~ ERROR dereferencing pointer failed: null pointer is not a valid pointer
- panic!("this should never print: {:?}", x);
-}
+++ /dev/null
-#[allow(deref_nullptr)]
-fn main() {
- unsafe { *std::ptr::null_mut() = 0i32 }; //~ ERROR null pointer is not a valid pointer
-}
+++ /dev/null
-// Some optimizations remove ZST accesses, thus masking this UB.
-// compile-flags: -Zmir-opt-level=0
-// error-pattern: memory access failed: null pointer is not a valid pointer
-
-#[allow(deref_nullptr)]
-fn main() {
- // Not using the () type here, as writes of that type do not even have MIR generated.
- // Also not assigning directly as that's array initialization, not assignment.
- let zst_val = [1u8; 0];
- unsafe { std::ptr::null_mut::<[u8; 0]>().write(zst_val) };
-}
--- /dev/null
+// compile-flags: -Zmiri-permissive-provenance -Zmiri-disable-stacked-borrows
+
+fn main() {
+ let x: i32 = 3;
+ let x_ptr = &x as *const i32;
+
+ // TODO: switch this to addr() once we intrinsify it
+ let x_usize: usize = unsafe { std::mem::transmute(x_ptr) };
+ // Cast back a pointer that did *not* get exposed.
+ let ptr = x_usize as *const i32;
+ assert_eq!(unsafe { *ptr }, 3); //~ ERROR Undefined Behavior: dereferencing pointer failed
+}
--- /dev/null
+// compile-flags: -Zmiri-disable-stacked-borrows
+#![feature(strict_provenance)]
+
+use std::ptr;
+
+// Make sure that with legacy provenance, the allocation id of
+// a casted pointer is determined at cast-time
+fn main() {
+ let x: i32 = 0;
+ let y: i32 = 1;
+
+ let x_ptr = &x as *const i32;
+ let y_ptr = &y as *const i32;
+
+ let x_usize = x_ptr.expose_addr();
+ let y_usize = y_ptr.expose_addr();
+
+ let ptr = ptr::from_exposed_addr::<i32>(y_usize);
+ let ptr = ptr.with_addr(x_usize);
+ assert_eq!(unsafe { *ptr }, 0); //~ ERROR is out-of-bounds
+}
--- /dev/null
+// compile-flags: -Zmiri-strict-provenance
+// error-pattern: not a valid pointer
+
+fn main() {
+ let x = 22;
+ let ptr = &x as *const _ as *const u8;
+ let roundtrip = ptr as usize as *const u8;
+ let _ = unsafe { roundtrip.offset(1) };
+}
--- /dev/null
+// compile-flags: -Zmiri-strict-provenance
+#![feature(strict_provenance)]
+
+use std::mem;
+
+// This is the example from
+// <https://github.com/rust-lang/unsafe-code-guidelines/issues/286#issuecomment-1085144431>.
+
+unsafe fn deref(left: *const u8, right: *const u8) {
+ let left_int: usize = mem::transmute(left); //~ERROR expected plain (non-pointer) bytes
+ let right_int: usize = mem::transmute(right);
+ if left_int == right_int {
+ // The compiler is allowed to replace `left_int` by `right_int` here...
+ let left_ptr: *const u8 = mem::transmute(left_int);
+ // ...which however means here it could be dereferencing the wrong pointer.
+ let _val = *left_ptr;
+ }
+}
+
+fn main() {
+ let ptr1 = &0u8 as *const u8;
+ let ptr2 = &1u8 as *const u8;
+ unsafe {
+ // Two pointers with the same address but different provenance.
+ deref(ptr1, ptr2.with_addr(ptr1.addr()));
+ }
+}
+++ /dev/null
-// compile-flags: -Zmiri-permissive-provenance -Zmiri-disable-stacked-borrows
-
-fn main() {
- let x: i32 = 3;
- let x_ptr = &x as *const i32;
-
- // TODO: switch this to addr() once we intrinsify it
- let x_usize: usize = unsafe { std::mem::transmute(x_ptr) };
- // Cast back a pointer that did *not* get exposed.
- let ptr = x_usize as *const i32;
- assert_eq!(unsafe { *ptr }, 3); //~ ERROR Undefined Behavior: dereferencing pointer failed
-}
+++ /dev/null
-// compile-flags: -Zmiri-check-number-validity
-
-fn main() {
- let r = &mut 42;
- let _i: [usize; 1] = unsafe { std::mem::transmute(r) }; //~ ERROR encountered a pointer, but expected plain (non-pointer) bytes
-}
+++ /dev/null
-// compile-flags: -Zmiri-disable-stacked-borrows
-#![feature(strict_provenance)]
-
-use std::ptr;
-
-// Make sure that with legacy provenance, the allocation id of
-// a casted pointer is determined at cast-time
-fn main() {
- let x: i32 = 0;
- let y: i32 = 1;
-
- let x_ptr = &x as *const i32;
- let y_ptr = &y as *const i32;
-
- let x_usize = x_ptr.expose_addr();
- let y_usize = y_ptr.expose_addr();
-
- let ptr = ptr::from_exposed_addr::<i32>(y_usize);
- let ptr = ptr.with_addr(x_usize);
- assert_eq!(unsafe { *ptr }, 0); //~ ERROR is out-of-bounds
-}
+++ /dev/null
-// compile-flags: -Zmiri-strict-provenance
-// error-pattern: not a valid pointer
-
-fn main() {
- let x = 22;
- let ptr = &x as *const _ as *const u8;
- let roundtrip = ptr as usize as *const u8;
- let _ = unsafe { roundtrip.offset(1) };
-}
+++ /dev/null
-// compile-flags: -Zmiri-strict-provenance
-#![feature(strict_provenance)]
-
-use std::mem;
-
-// This is the example from
-// <https://github.com/rust-lang/unsafe-code-guidelines/issues/286#issuecomment-1085144431>.
-
-unsafe fn deref(left: *const u8, right: *const u8) {
- let left_int: usize = mem::transmute(left); //~ERROR expected plain (non-pointer) bytes
- let right_int: usize = mem::transmute(right);
- if left_int == right_int {
- // The compiler is allowed to replace `left_int` by `right_int` here...
- let left_ptr: *const u8 = mem::transmute(left_int);
- // ...which however means here it could be dereferencing the wrong pointer.
- let _val = *left_ptr;
- }
-}
-
-fn main() {
- let ptr1 = &0u8 as *const u8;
- let ptr2 = &1u8 as *const u8;
- unsafe {
- // Two pointers with the same address but different provenance.
- deref(ptr1, ptr2.with_addr(ptr1.addr()));
- }
-}
+++ /dev/null
-use std::mem;
-
-fn main() { unsafe {
- let ptr = Box::into_raw(Box::new(0u8));
- let _x: &[u8] = mem::transmute((ptr, usize::MAX)); //~ ERROR: invalid reference metadata: slice is bigger than largest supported object
-} }
+++ /dev/null
-use std::mem;
-
-#[allow(unused)]
-struct MySlice {
- prefix: u64,
- tail: [u8],
-}
-
-fn main() { unsafe {
- let ptr = Box::into_raw(Box::new(0u8));
- // The slice part is actually not "too big", but together with the `prefix` field it is.
- let _x: &MySlice = mem::transmute((ptr, isize::MAX as usize)); //~ ERROR: invalid reference metadata: total size is bigger than largest supported object
-} }
--- /dev/null
+// compile-flags: -Zmiri-check-number-validity
+
+fn main() {
+ let r = &mut 42;
+ let _i: [usize; 1] = unsafe { std::mem::transmute(r) }; //~ ERROR encountered a pointer, but expected plain (non-pointer) bytes
+}
--- /dev/null
+use std::mem;
+
+fn main() { unsafe {
+ let ptr = Box::into_raw(Box::new(0u8));
+ let _x: &[u8] = mem::transmute((ptr, usize::MAX)); //~ ERROR: invalid reference metadata: slice is bigger than largest supported object
+} }
--- /dev/null
+use std::mem;
+
+#[allow(unused)]
+struct MySlice {
+ prefix: u64,
+ tail: [u8],
+}
+
+fn main() { unsafe {
+ let ptr = Box::into_raw(Box::new(0u8));
+ // The slice part is actually not "too big", but together with the `prefix` field it is.
+ let _x: &MySlice = mem::transmute((ptr, isize::MAX as usize)); //~ ERROR: invalid reference metadata: total size is bigger than largest supported object
+} }