Skip to content

Ensure copy* intrinsics also perform the static self-init checks #142575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 21, 2025
Merged

Ensure copy* intrinsics also perform the static self-init checks #142575

merged 2 commits into from
Jun 21, 2025
+45 −1

Conversation

oli-obk
Copy link
Contributor

@oli-obk oli-obk commented Jun 16, 2025
edited by rustbot
Loading

fixes #142532

r? @RalfJung

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jun 16, 2025
@rustbot
Copy link
Collaborator

rustbot commented Jun 16, 2025

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

@oli-obk oli-obk added the relnotes Marks issues that should be documented in the release notes of the next release. label Jun 16, 2025
@rustbot rustbot mentioned this pull request Jun 16, 2025
Open
@oli-obk
Copy link
Contributor Author

oli-obk commented Jun 16, 2025
edited
Loading

Adding relnotes as this will break stable code if someone wrote such code in the last year, but there is absolutely no reason to do so, so not even gonna crater it.

@workingjubilee
Copy link
Member

It's a soundness fix and is only reachable by having incorrect unsafe code that should be rejected by const eval anyway, right? Then we're justified in "break first, figure out how to migrate smoothly later".

@theemathas
Copy link
Contributor

In theory, this could also affect code where there's correct unsafe code in one crate, and there's incorrect safe code in another crate misusing the first crate.

@RalfJung RalfJung mentioned this pull request Jun 17, 2025
Open
RalfJung
RalfJung reviewed Jun 17, 2025
View reviewed changes
RalfJung
RalfJung reviewed Jun 17, 2025
View reviewed changes
@oli-obk oli-obk force-pushed the sneaky-self-init branch from 16daf7d to 04f835f Compare June 17, 2025 15:07
RalfJung
RalfJung reviewed Jun 19, 2025
View reviewed changes
Copy link
Member

@RalfJung RalfJung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me with comment tweaks

compiler/rustc_const_eval/src/interpret/memory.rs Outdated
Comment on lines 1416 to 1422
// Do our own "do not read from static items while initializing them" checks
if let Ok((alloc_id, ..)) = self.ptr_try_get_alloc_id(src, size.bytes() as i64) {
M::before_alloc_read(self, alloc_id)?;
}

// For the overlapping case, it is crucial that we trigger the read hook
// before the write hook -- the aliasing model cares about the order.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Do our own "do not read from static items while initializing them" checks
if let Ok((alloc_id, ..)) = self.ptr_try_get_alloc_id(src, size.bytes() as i64) {
M::before_alloc_read(self, alloc_id)?;
}
// For the overlapping case, it is crucial that we trigger the read hook
// before the write hook -- the aliasing model cares about the order.
// Trigger read hooks.
// For the overlapping case, it is crucial that we trigger the read hooks
// before the write hook -- the aliasing model cares about the order.
if let Ok((alloc_id, ..)) = self.ptr_try_get_alloc_id(src, size.bytes() as i64) {
M::before_alloc_read(self, alloc_id)?;
}

The core interpreter doesn't know what the hook does, so it seems odd to refer to to the static item recursion check.

@oli-obk oli-obk force-pushed the sneaky-self-init branch from 04f835f to cfc22cf Compare June 20, 2025 07:30
@oli-obk
Copy link
Contributor Author

oli-obk commented Jun 20, 2025

@bors r=RalfJung

@bors
Copy link
Collaborator

bors commented Jun 20, 2025

📌 Commit cfc22cf has been approved by RalfJung

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 20, 2025
@tgross35 tgross35 mentioned this pull request Jun 20, 2025
Merged
bors added a commit that referenced this pull request Jun 20, 2025
@bors
Auto merge of #142794 - tgross35:rollup-iae7okj, r=tgross35
710a45d 
Rollup of 9 pull requests

Successful merges:

 - #142331 (Add `trim_prefix` and `trim_suffix` methods for both `slice` and `str` types.)
 - #142491 (Rework #[cold] attribute parser)
 - #142494 (Fix missing docs in `rustc_attr_parsing`)
 - #142495 (Better template for `#[repr]` attributes)
 - #142497 (Fix random failure when JS code is executed when the whole file was not read yet)
 - #142575 (Ensure copy* intrinsics also perform the static self-init checks)
 - #142650 (Refactor Translator)
 - #142713 (mbe: Refactor transcription)
 - #142755 (rustdoc: Remove `FormatRenderer::cache`)

r? `@ghost`
`@rustbot` modify labels: rollup
bors added a commit that referenced this pull request Jun 20, 2025
@bors
Auto merge of #142794 - tgross35:rollup-iae7okj, r=tgross35
15c701f 
Rollup of 9 pull requests

Successful merges:

 - #142331 (Add `trim_prefix` and `trim_suffix` methods for both `slice` and `str` types.)
 - #142491 (Rework #[cold] attribute parser)
 - #142494 (Fix missing docs in `rustc_attr_parsing`)
 - #142495 (Better template for `#[repr]` attributes)
 - #142497 (Fix random failure when JS code is executed when the whole file was not read yet)
 - #142575 (Ensure copy* intrinsics also perform the static self-init checks)
 - #142650 (Refactor Translator)
 - #142713 (mbe: Refactor transcription)
 - #142755 (rustdoc: Remove `FormatRenderer::cache`)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit 5d6ecf5 into rust-lang:master Jun 21, 2025
10 checks passed
@rustbot rustbot added this to the 1.89.0 milestone Jun 21, 2025
rust-timer added a commit that referenced this pull request Jun 21, 2025
@rust-timer
Unrolled build for #142575
543e757 
Rollup merge of #142575 - oli-obk:sneaky-self-init, r=RalfJung

Ensure copy* intrinsics also perform the static self-init checks

fixes #142532

r? `@RalfJung`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RalfJung RalfJung RalfJung left review comments

Assignees

@RalfJung RalfJung

Labels
relnotes Marks issues that should be documented in the release notes of the next release. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.89.0
Development

Successfully merging this pull request may close these issues.

std::ptr::copy() can read from uninitialized statics (unsound)
6 participants
@oli-obk @rustbot @workingjubilee @theemathas @bors @RalfJung