Check number of arguments for shims

[RalfJung]

Basically all our shims look something like this:

                let _attr_place = this.deref_operand(args[0])?;
                let addr_place = this.deref_operand(args[1])?;
                let size_place = this.deref_operand(args[2])?;

This code will ICE if the user passes fewer than 3 arguments, and it will silently "just work" if the user passes more than 3 arguments. To mitigate this, I propose we add a helper function check_arg_count or so that we call for each and every shim (foreign items and intrinsics) to raise an appropriate error (UB seems right) in case the number of arguments is wrong.

(libstd-only shims that check this.frame().instance do not need checking.)

[elichai]

I'm curious how in practice can someone pass fewer or greater number of arguments,
I can't get a code that does this to compile https://play.rust-lang.org/?version=nightly&mode=debug&edition=2018&gist=fc995e01e4938166b741d74975226b6b

[RalfJung]

I wasn't talking about intrinsics. I was referring only to the foreign item shims. Sorry for not being clearer.

[elichai]

So this for example:

extern "C" {
    fn write(fd: i32, buf: *const u8) -> usize;
}

fn main() {
    let a = b"Hi\n\0";
    unsafe {
        write(1,a.as_ptr());
    }
}

Thanks for clarifying!

[RalfJung]

Yes exactly. For the record, that example ICEs.
I think the worse case is this one which is silently accepted despite being wrong:

extern "C" {
    fn write(fd: i32, buf: *const u8, size: usize, extra: usize) -> usize;
}

fn main() {
    let a = b"Hi\n\0";
    unsafe {
        write(1,a.as_ptr(),2,3);
    }
}

[RalfJung]

There's a proposed fix at #1298 thanks to @toc-the-younger

[RalfJung]

@toc-the-younger you didn't just do this for the foreign items but even for intrinsics. That's great, but only half of our intrinsic implementations actually live in this repository -- the rest is in the rsutc repo so they do not have your check yet. Do you want to add the check there, too?