Auto merge of #815 - RalfJung:memory-audit, r=RalfJung

don't call Memory::get without checking the pointer first

Also avoid Memory::get if we just need to know align/size.

I audited all uses of `alloc_id`; the rest should be fine (and we can kill a bunch of them once rust-lang/rust#62257 lands).

Author: bors

src/operator.rs

@@ -206,7 +206,7 @@ impl<'mir, 'tcx> EvalContextExt<'tcx> for super::MiriEvalContext<'mir, 'tcx> {
                     // on read hardware this can easily happen. Thus for comparisons we require
                     // both pointers to be live.
                     if self.pointer_inbounds(left).is_ok() && self.pointer_inbounds(right).is_ok() {
-                        // Two in-bounds pointers in different allocations are different.
+                        // Two in-bounds (and hence live) pointers in different allocations are different.
                         false
                     } else {
                         return err!(InvalidPointerMath);
@@ -303,7 +303,9 @@ impl<'mir, 'tcx> EvalContextExt<'tcx> for super::MiriEvalContext<'mir, 'tcx> {
                 map_to_primval(left.overflowing_offset(Size::from_bytes(right as u64), self)),
 
             BitAnd if !signed => {
-                let ptr_base_align = self.memory().get(left.alloc_id)?.align.bytes();
+                let ptr_base_align = self.memory().get_size_and_align(left.alloc_id, AllocCheck::MaybeDead)
+                    .expect("alloc info with MaybeDead cannot fail")
+                    .1.bytes();
                 let base_mask = {
                     // FIXME: use `interpret::truncate`, once that takes a `Size` instead of a `Layout`.
                     let shift = 128 - self.memory().pointer_size().bits();
@@ -337,7 +339,9 @@ impl<'mir, 'tcx> EvalContextExt<'tcx> for super::MiriEvalContext<'mir, 'tcx> {
             Rem if !signed => {
                 // Doing modulo a divisor of the alignment is allowed.
                 // (Intuition: modulo a divisor leaks less information.)
-                let ptr_base_align = self.memory().get(left.alloc_id)?.align.bytes();
+                let ptr_base_align = self.memory().get_size_and_align(left.alloc_id, AllocCheck::MaybeDead)
+                    .expect("alloc info with MaybeDead cannot fail")
+                    .1.bytes();
                 let right = right as u64;
                 let ptr_size = self.memory().pointer_size();
                 if right == 1 {

src/shims/foreign_items.rs

@@ -227,9 +227,10 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                         Align::from_bytes(align).unwrap(),
                         MiriMemoryKind::Rust.into()
                     );
+                // We just allocated this, the access cannot fail
                 this.memory_mut()
-                    .get_mut(ptr.alloc_id)?
-                    .write_repeat(tcx, ptr, 0, Size::from_bytes(size))?;
+                    .get_mut(ptr.alloc_id).unwrap()
+                    .write_repeat(tcx, ptr, 0, Size::from_bytes(size)).unwrap();
                 this.write_scalar(Scalar::Ptr(ptr), dest)?;
             }
             "__rust_dealloc" => {
@@ -469,15 +470,15 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                         Align::from_bytes(1).unwrap(),
                         MiriMemoryKind::Env.into(),
                     );
-                    {
-                        let alloc = this.memory_mut().get_mut(value_copy.alloc_id)?;
-                        alloc.write_bytes(tcx, value_copy, &value)?;
-                        let trailing_zero_ptr = value_copy.offset(
-                            Size::from_bytes(value.len() as u64),
-                            tcx,
-                        )?;
-                        alloc.write_bytes(tcx, trailing_zero_ptr, &[0])?;
-                    }
+                    // We just allocated these, so the write cannot fail.
+                    let alloc = this.memory_mut().get_mut(value_copy.alloc_id).unwrap();
+                    alloc.write_bytes(tcx, value_copy, &value).unwrap();
+                    let trailing_zero_ptr = value_copy.offset(
+                        Size::from_bytes(value.len() as u64),
+                        tcx,
+                    ).unwrap();
+                    alloc.write_bytes(tcx, trailing_zero_ptr, &[0]).unwrap();
+
                     if let Some(var) = this.machine.env_vars.insert(
                         name.to_owned(),
                         value_copy,
@@ -814,7 +815,14 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             },
             "GetSystemInfo" => {
                 let system_info = this.deref_operand(args[0])?;
-                let system_info_ptr = system_info.ptr.to_ptr()?;
+                let (system_info_ptr, align) = system_info.to_scalar_ptr_align();
+                let system_info_ptr = this.memory()
+                    .check_ptr_access(
+                        system_info_ptr,
+                        system_info.layout.size,
+                        align,
+                    )?
+                    .expect("cannot be a ZST");
                 // Initialize with `0`.
                 this.memory_mut().get_mut(system_info_ptr.alloc_id)?
                     .write_repeat(tcx, system_info_ptr, 0, system_info.layout.size)?;