Auto merge of #2523 - saethlin:protector-test, r=RalfJung

bors · bors · commit 2d50443401d0 · 2022-09-01T13:49:27.000Z
Add a protector test that demonstrates the base tag diagnostic Per #2519 (comment), this demonstrates this case for protector diagnostics: ``` help: <3131> was created here, as a base tag for alloc1623 --> tests/fail/stacked_borrows/invalidate_against_protector3.rs:10:19 | 10 | let ptr = std::alloc::alloc(std::alloc::Layout::for_value(&0i32)) as *mut i32; | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ``` This diagnostic is inspired by what Miri used to do with rust-lang/rust#60076 (comment)
diff --git a/src/stacked_borrows/diagnostics.rs b/src/stacked_borrows/diagnostics.rs
@@ -332,7 +332,7 @@ impl<'span, 'history, 'ecx, 'mir, 'tcx> DiagnosticCx<'span, 'history, 'ecx, 'mir
                 // this allocation.
                 if self.history.base.0.tag() == tag {
                     Some((
-                        format!("{:?} was created here, as a base tag for {:?}", tag, self.history.id),
+                        format!("{:?} was created here, as the base tag for {:?}", tag, self.history.id),
                         self.history.base.1.data()
                     ))
                 } else {
diff --git a/tests/fail/stacked_borrows/invalidate_against_protector3.rs b/tests/fail/stacked_borrows/invalidate_against_protector3.rs
@@ -0,0 +1,15 @@
+use std::alloc::{alloc, Layout};
+
+fn inner(x: *mut i32, _y: &i32) {
+    // If `x` and `y` alias, retagging is fine with this... but we really
+    // shouldn't be allowed to write to `x` at all because `y` was assumed to be
+    // immutable for the duration of this call.
+    unsafe { *x = 0 }; //~ ERROR: protect
+}
+
+fn main() {
+    unsafe {
+        let ptr = alloc(Layout::for_value(&0i32)) as *mut i32;
+        inner(ptr, &*ptr);
+    };
+}
diff --git a/tests/fail/stacked_borrows/invalidate_against_protector3.stderr b/tests/fail/stacked_borrows/invalidate_against_protector3.stderr
@@ -0,0 +1,30 @@
+error: Undefined Behavior: not granting access to tag <TAG> because that would remove [SharedReadOnly for <TAG>] which is protected because it is an argument of call ID
+  --> $DIR/invalidate_against_protector3.rs:LL:CC
+   |
+LL |     unsafe { *x = 0 };
+   |              ^^^^^^ not granting access to tag <TAG> because that would remove [SharedReadOnly for <TAG>] which is protected because it is an argument of call ID
+   |
+   = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
+   = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information
+help: <TAG> was created here, as the base tag for ALLOC
+  --> $DIR/invalidate_against_protector3.rs:LL:CC
+   |
+LL |         let ptr = alloc(Layout::for_value(&0i32)) as *mut i32;
+   |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+help: <TAG> is this argument
+  --> $DIR/invalidate_against_protector3.rs:LL:CC
+   |
+LL | fn inner(x: *mut i32, _y: &i32) {
+   |                       ^^
+   = note: BACKTRACE:
+   = note: inside `inner` at $DIR/invalidate_against_protector3.rs:LL:CC
+note: inside `main` at $DIR/invalidate_against_protector3.rs:LL:CC
+  --> $DIR/invalidate_against_protector3.rs:LL:CC
+   |
+LL |         inner(ptr, &*ptr);
+   |         ^^^^^^^^^^^^^^^^^
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to previous error
+
