Check number of arguments for shims #1272

Closed
RalfJung opened this issue Mar 28, 2020 · 7 comments · Fixed by #1298
Labels
A-shims Area: This affects the external function shims C-bug Category: This is a bug. E-good-first-issue A good way to start contributing, mentoring is available I-ICE Impact: makes Miri crash with some ICE I-misses-UB Impact: makes Miri miss UB, i.e., a false negative (with default settings)

Comments

@RalfJung
Member

Basically all our shims look something like this:

                let _attr_place = this.deref_operand(args[0])?;
                let addr_place = this.deref_operand(args[1])?;
                let size_place = this.deref_operand(args[2])?;

This code will ICE if the user passes fewer than 3 arguments, and it will silently "just work" if the user passes more than 3 arguments. To mitigate this, I propose we add a helper function check_arg_count or so that we call for each and every shim (foreign items and intrinsics) to raise an appropriate error (UB seems right) in case the number of arguments is wrong.

(libstd-only shims that check this.frame().instance do not need checking.)

@RalfJung RalfJung added C-bug Category: This is a bug. A-shims Area: This affects the external function shims E-good-first-issue A good way to start contributing, mentoring is available labels Mar 28, 2020
@elichai
Contributor

elichai commented Apr 2, 2020

I'm curious how, in practice, someone can pass a fewer or greater number of arguments;
I can't get code that does this to compile https://play.rust-lang.org/?version=nightly&mode=debug&edition=2018&gist=fc995e01e4938166b741d74975226b6b

@RalfJung
Member Author

RalfJung commented Apr 2, 2020

I wasn't talking about intrinsics. I was referring only to the foreign item shims. Sorry for not being clearer.

@elichai
Contributor

elichai commented Apr 2, 2020

So this for example:

extern "C" {
    fn write(fd: i32, buf: *const u8) -> usize;
}

fn main() {
    let a = b"Hi\n\0";
    unsafe {
        write(1,a.as_ptr());
    }
}

Thanks for clarifying!

@RalfJung
Member Author

RalfJung commented Apr 2, 2020

Yes exactly. For the record, that example ICEs.
I think the worse case is this one which is silently accepted despite being wrong:

extern "C" {
    fn write(fd: i32, buf: *const u8, size: usize, extra: usize) -> usize;
}

fn main() {
    let a = b"Hi\n\0";
    unsafe {
        write(1,a.as_ptr(),2,3);
    }
}
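
The check proposed in the first comment, applied to the two `write` declarations above, as an added example that is not from the thread or from Miri's code base. `Operand`, `ShimError` and `write_shim` are hypothetical stand-ins for the interpreter's types; only the helper name `check_arg_count` comes from the issue.

```rust
// Added illustration, not Miri's code: `Operand`, `ShimError` and `write_shim`
// are hypothetical stand-ins for the interpreter's real types.
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
enum ShimError {
    // Reported to the user as an error instead of crashing the interpreter.
    WrongArgCount { expected: usize, found: usize },
}

type Operand = u64; // stand-in for an evaluated call argument

/// Accepts the argument slice only if it has exactly N elements.
/// Too few (indexing would panic) and too many (extras would be silently
/// ignored) are both rejected with the same error.
fn check_arg_count<const N: usize>(args: &[Operand]) -> Result<&[Operand; N], ShimError> {
    <&[Operand; N]>::try_from(args)
        .map_err(|_| ShimError::WrongArgCount { expected: N, found: args.len() })
}

/// Toy shim for `write(fd, buf, count)`: returns the byte count it was asked to write.
fn write_shim(args: &[Operand]) -> Result<u64, ShimError> {
    // Destructuring the fixed-size array replaces every `args[i]` index,
    // so no out-of-bounds panic is possible after the check.
    let &[_fd, _buf, count] = check_arg_count::<3>(args)?;
    Ok(count)
}

fn main() {
    // Constructed argument lists mirroring the declarations in the thread.
    println!("{:?}", write_shim(&[1, 0x1000])); // 2 arguments: rejected
    println!("{:?}", write_shim(&[1, 0x1000, 2])); // 3 arguments: accepted
    println!("{:?}", write_shim(&[1, 0x1000, 2, 3])); // 4 arguments: rejected
}
```
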

@RalfJung
Member Author

RalfJung commented Apr 3, 2020

There's a proposed fix at #1298 thanks to @toc-the-younger

@RalfJung RalfJung added the I-misses-UB Impact: makes Miri miss UB, i.e., a false negative (with default settings) label Apr 16, 2020
@RalfJung RalfJung added the I-ICE Impact: makes Miri crash with some ICE label May 3, 2020
@bors bors closed this as completed in 2f974f6 May 5, 2020
@RalfJung
Member Author

RalfJung commented May 5, 2020

@toc-the-younger you didn't just do this for the foreign items but even for intrinsics. That's great, but only half of our intrinsic implementations actually live in this repository -- the rest is in the rustc repo so they do not have your check yet. Do you want to add the check there, too?

@al-yisun
Contributor

al-yisun commented May 6, 2020

@RalfJung Sure! I'll start on that today.
