Uninit immediates cannot happen in casts or immediate reads

Author: oli-obk

compiler/rustc_const_eval/messages.ftl

@@ -179,8 +179,6 @@ const_eval_invalid_transmute =
 
 const_eval_invalid_uninit_bytes =
     reading memory at {$alloc}{$access}, but memory is uninitialized at {$uninit}, and this operation requires initialized memory
-const_eval_invalid_uninit_bytes_unknown =
-    using uninitialized data, but this operation requires initialized memory
 
 const_eval_invalid_vtable_pointer =
     using {$pointer} as vtable pointer but it does not point to a vtable

compiler/rustc_const_eval/src/const_eval/error.rs

@@ -172,7 +172,8 @@ where
             );
 
             if let InterpErrorKind::UndefinedBehavior(UndefinedBehaviorInfo::InvalidUninitBytes(
-                Some((alloc_id, _access)),
+                alloc_id,
+                _access,
             )) = error
             {
                 let bytes = ecx.print_alloc_bytes_for_diagnostics(alloc_id);

compiler/rustc_const_eval/src/errors.rs

@@ -482,8 +482,7 @@ impl<'a> ReportErrorExt for UndefinedBehaviorInfo<'a> {
             InvalidVTablePointer(_) => const_eval_invalid_vtable_pointer,
             InvalidVTableTrait { .. } => const_eval_invalid_vtable_trait,
             InvalidStr(_) => const_eval_invalid_str,
-            InvalidUninitBytes(None) => const_eval_invalid_uninit_bytes_unknown,
-            InvalidUninitBytes(Some(_)) => const_eval_invalid_uninit_bytes,
+            InvalidUninitBytes(..) => const_eval_invalid_uninit_bytes,
             DeadLocal => const_eval_dead_local,
             ScalarSizeMismatch(_) => const_eval_scalar_size_mismatch,
             UninhabitedEnumVariantWritten(_) => const_eval_uninhabited_enum_variant_written,
@@ -515,7 +514,6 @@ impl<'a> ReportErrorExt for UndefinedBehaviorInfo<'a> {
             | PointerArithOverflow
             | InvalidMeta(InvalidMetaKind::SliceTooBig)
             | InvalidMeta(InvalidMetaKind::TooBig)
-            | InvalidUninitBytes(None)
             | DeadLocal
             | UninhabitedEnumVariantWritten(_)
             | UninhabitedEnumVariantRead(_) => {}
@@ -603,7 +601,7 @@ impl<'a> ReportErrorExt for UndefinedBehaviorInfo<'a> {
             InvalidStr(err) => {
                 diag.arg("err", format!("{err}"));
             }
-            InvalidUninitBytes(Some((alloc, info))) => {
+            InvalidUninitBytes(alloc, info) => {
                 diag.arg("alloc", alloc);
                 diag.arg("access", info.access);
                 diag.arg("uninit", info.bad);

compiler/rustc_const_eval/src/interpret/cast.rs

@@ -13,7 +13,7 @@ use tracing::trace;
 
 use super::util::ensure_monomorphic_enough;
 use super::{
-    FnVal, ImmTy, Immediate, InterpCx, Machine, OpTy, PlaceTy, err_inval, interp_ok, throw_ub,
+    FnVal, ImmTy, Immediate, InterpCx, Machine, OpTy, PlaceTy, err_inval, interp_ok,
     throw_ub_custom,
 };
 use crate::fluent_generated as fluent;
@@ -212,14 +212,13 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
             assert!(src.layout.ty.is_raw_ptr());
             return match **src {
                 Immediate::ScalarPair(data, _) => interp_ok(ImmTy::from_scalar(data, cast_to)),
-                Immediate::Scalar(..) => span_bug!(
+                Immediate::Scalar(..) | Immediate::Uninit => span_bug!(
                     self.cur_span(),
                     "{:?} input to a fat-to-thin cast ({} -> {})",
                     *src,
                     src.layout.ty,
                     cast_to.ty
                 ),
-                Immediate::Uninit => throw_ub!(InvalidUninitBytes(None)),
             };
         }
     }

compiler/rustc_const_eval/src/interpret/operand.rs

@@ -7,7 +7,7 @@ use either::{Either, Left, Right};
 use rustc_abi as abi;
 use rustc_abi::{BackendRepr, HasDataLayout, Size};
 use rustc_hir::def::Namespace;
-use rustc_middle::mir::interpret::{BadBytesAccess, ScalarSizeMismatch};
+use rustc_middle::mir::interpret::ScalarSizeMismatch;
 use rustc_middle::ty::layout::{HasTyCtxt, HasTypingEnv, TyAndLayout};
 use rustc_middle::ty::print::{FmtPrinter, PrettyPrinter};
 use rustc_middle::ty::{ConstInt, ScalarInt, Ty, TyCtxt};
@@ -663,15 +663,12 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
         }
         let imm = self.read_immediate_raw(op)?.right().unwrap();
         if matches!(*imm, Immediate::Uninit) {
-            throw_ub!(InvalidUninitBytes(match op.to_op(self)?.as_mplace_or_imm() {
-                Left(mplace) => mplace.ptr().provenance.and_then(|prov| {
-                    let start = mplace.ptr().into_parts().1;
-                    let size = op.layout().size;
-                    let range = alloc_range(start, size);
-                    Some((prov.get_alloc_id()?, BadBytesAccess { access: range, bad: range }))
-                }),
-                Right(_) => None,
-            }))
+            // The only other source of uninit immediates is locals, and those are only ever converted
+            // to `Operand`s.
+            span_bug!(
+                self.tcx.span,
+                "uninit immediate reads should have already errored when reading from memory"
+            )
         }
         interp_ok(imm)
     }

compiler/rustc_const_eval/src/interpret/validity.rs

@@ -397,7 +397,7 @@ impl<'rt, 'tcx, M: Machine<'tcx>> ValidityVisitor<'rt, 'tcx, M> {
         interp_ok(try_validation!(
             self.ecx.read_immediate(val),
             self.path,
-            Ub(InvalidUninitBytes(_)) =>
+            Ub(InvalidUninitBytes(..)) =>
                 Uninit { expected },
             // The `Unsup` cases can only occur during CTFE
             Unsup(ReadPointerAsInt(_)) =>
@@ -1203,7 +1203,7 @@ impl<'rt, 'tcx, M: Machine<'tcx>> ValueVisitor<'tcx, M> for ValidityVisitor<'rt,
                     // For some errors we might be able to provide extra information.
                     // (This custom logic does not fit the `try_validation!` macro.)
                     match kind {
-                        Ub(InvalidUninitBytes(Some((_alloc_id, access)))) | Unsup(ReadPointerAsInt(Some((_alloc_id, access)))) => {
+                        Ub(InvalidUninitBytes(_alloc_id, access)) | Unsup(ReadPointerAsInt(Some((_alloc_id, access)))) => {
                             // Some byte was uninitialized, determine which
                             // element that byte belongs to so we can
                             // provide an index.
@@ -1213,7 +1213,7 @@ impl<'rt, 'tcx, M: Machine<'tcx>> ValueVisitor<'tcx, M> for ValidityVisitor<'rt,
                             .unwrap();
                             self.path.push(PathElem::ArrayElem(i));
 
-                            if matches!(kind, Ub(InvalidUninitBytes(_))) {
+                            if matches!(kind, Ub(InvalidUninitBytes(..))) {
                                 err_validation_failure!(self.path, Uninit { expected })
                             } else {
                                 err_validation_failure!(self.path, PointerAsInt { expected })

compiler/rustc_middle/src/mir/interpret/allocation.rs

@@ -309,7 +309,7 @@ pub enum AllocError {
     /// Partially copying a pointer.
     ReadPartialPointer(Size),
     /// Using uninitialized data where it is not allowed.
-    InvalidUninitBytes(Option<BadBytesAccess>),
+    InvalidUninitBytes(BadBytesAccess),
 }
 pub type AllocResult<T = ()> = Result<T, AllocError>;
 
@@ -336,7 +336,7 @@ impl AllocError {
                 UnsupportedOpInfo::ReadPartialPointer(Pointer::new(alloc_id, offset)),
             ),
             InvalidUninitBytes(info) => InterpErrorKind::UndefinedBehavior(
-                UndefinedBehaviorInfo::InvalidUninitBytes(info.map(|b| (alloc_id, b))),
+                UndefinedBehaviorInfo::InvalidUninitBytes(alloc_id, info),
             ),
         }
     }
@@ -597,10 +597,7 @@ impl<Prov: Provenance, Extra, Bytes: AllocBytes> Allocation<Prov, Extra, Bytes>
         range: AllocRange,
     ) -> AllocResult<&[u8]> {
         self.init_mask.is_range_initialized(range).map_err(|uninit_range| {
-            AllocError::InvalidUninitBytes(Some(BadBytesAccess {
-                access: range,
-                bad: uninit_range,
-            }))
+            AllocError::InvalidUninitBytes(BadBytesAccess { access: range, bad: uninit_range })
         })?;
         if !Prov::OFFSET_IS_ADDR && !self.provenance.range_empty(range, cx) {
             // Find the provenance.
@@ -701,10 +698,7 @@ impl<Prov: Provenance, Extra, Bytes: AllocBytes> Allocation<Prov, Extra, Bytes>
     ) -> AllocResult<Scalar<Prov>> {
         // First and foremost, if anything is uninit, bail.
         if let Err(bad) = self.init_mask.is_range_initialized(range) {
-            return Err(AllocError::InvalidUninitBytes(Some(BadBytesAccess {
-                access: range,
-                bad,
-            })));
+            return Err(AllocError::InvalidUninitBytes(BadBytesAccess { access: range, bad }));
         }
 
         // Get the integer part of the result. We HAVE TO check provenance before returning this!

compiler/rustc_middle/src/mir/interpret/error.rs

@@ -412,7 +412,7 @@ pub enum UndefinedBehaviorInfo<'tcx> {
     /// Using a string that is not valid UTF-8,
     InvalidStr(std::str::Utf8Error),
     /// Using uninitialized data where it is not allowed.
-    InvalidUninitBytes(Option<(AllocId, BadBytesAccess)>),
+    InvalidUninitBytes(AllocId, BadBytesAccess),
     /// Working with a local that is not currently live.
     DeadLocal,
     /// Data size is not equal to target size.

src/tools/miri/src/concurrency/data_race.rs

@@ -731,10 +731,9 @@ pub trait EvalContextExt<'tcx>: MiriInterpCxExt<'tcx> {
         }
 
         let scalar = this.allow_data_races_ref(move |this| this.read_scalar(place))?;
-        let buffered_scalar = this.buffered_atomic_read(place, atomic, scalar, || {
+        this.buffered_atomic_read(place, atomic, scalar, || {
             this.validate_atomic_load(place, atomic)
-        })?;
-        interp_ok(buffered_scalar.ok_or_else(|| err_ub!(InvalidUninitBytes(None)))?)
+        })
     }
 
     /// Perform an atomic write operation at the memory location.

src/tools/miri/src/concurrency/weak_memory.rs

@@ -488,7 +488,7 @@ pub(super) trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
         atomic: AtomicReadOrd,
         latest_in_mo: Scalar,
         validate: impl FnOnce() -> InterpResult<'tcx>,
-    ) -> InterpResult<'tcx, Option<Scalar>> {
+    ) -> InterpResult<'tcx, Scalar> {
         let this = self.eval_context_ref();
         'fallback: {
             if let Some(global) = this.machine.data_race.as_vclocks_ref() {
@@ -518,15 +518,20 @@ pub(super) trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
                             ptr: place.ptr(),
                         });
                     }
-
-                    return interp_ok(loaded);
+                    return interp_ok(loaded.ok_or_else(|| {
+                        let access = alloc_range(base_offset, place.layout.size);
+                        err_ub!(InvalidUninitBytes(
+                            alloc_id,
+                            BadBytesAccess { access, bad: access }
+                        ))
+                    })?);
                 }
             }
         }
 
         // Race detector or weak memory disabled, simply read the latest value
         validate()?;
-        interp_ok(Some(latest_in_mo))
+        interp_ok(latest_in_mo)
     }
 
     /// Add the given write to the store buffer. (Does not change machine memory.)

src/tools/miri/src/diagnostics.rs

@@ -411,7 +411,7 @@ pub fn report_error<'tcx>(
     // Since `format_interp_error` consumes `e`, we compute the outut early.
     let mut extra = String::new();
     match e.kind() {
-        UndefinedBehavior(InvalidUninitBytes(Some((alloc_id, access)))) => {
+        UndefinedBehavior(InvalidUninitBytes(alloc_id, access)) => {
             writeln!(
                 extra,
                 "Uninitialized memory occurred at {alloc_id:?}{range:?}, in this allocation:",