avoid infinite recursion into pointers in intptrcast alloc_base_addr (see: recursive_static test case)

Ellen Arteca · Ellen Arteca · commit bca7fcc56d55 · 2022-08-09T21:52:27.000Z
diff --git a/src/intptrcast.rs b/src/intptrcast.rs
@@ -157,36 +157,44 @@ impl<'mir, 'tcx> GlobalStateInner {
     }
 
     fn alloc_base_addr(ecx: &MiriEvalContext<'mir, 'tcx>, alloc_id: AllocId) -> u64 {
-        // TODO avoid leaked address hack
-        let mut is_global = false;
-        let base_addr: u64 = match ecx.get_alloc_base_addr(alloc_id) {
-            Ok(addr) => {
-                assert!(addr.bytes() % 16 == 0);
-                addr.bytes()
-            }
-            // Grabbing u128 for max alignment
+        // With our hack, base_addr should always be fully aligned
+        let mut global_state = match ecx.machine.intptrcast.try_borrow_mut() {
+            Ok(gstate) => gstate,
             Err(_) => {
-                is_global = true;
-                Box::leak(Box::new(0u128)) as *const u128 as u64
+                // we're recursing
+                let new_addr = Box::leak(Box::new(0u128)) as *const u128 as u64;
+                unsafe {
+                    (*ecx.machine.intptrcast.as_ptr()).base_addr.insert(alloc_id, new_addr);
+                    (*ecx.machine.intptrcast.as_ptr()).int_to_ptr_map.insert(new_addr, alloc_id);
+                }
+                trace!(
+                    "Recursive case: Assigning base address {:#x} to allocation {:?}",
+                    new_addr,
+                    alloc_id,
+                );
+                return new_addr;
             }
         };
-        // With our hack, base_addr should always be fully aligned
-        let mut global_state = ecx.machine.intptrcast.borrow_mut();
         let global_state = &mut *global_state;
 
         match global_state.base_addr.entry(alloc_id) {
             Entry::Occupied(entry) => *entry.get(),
             Entry::Vacant(entry) => {
+                let base_addr = match ecx.get_alloc_base_addr(alloc_id)  {
+                    Ok(addr) => {
+                        assert!(addr.bytes() % 16 == 0);
+                        addr.bytes()
+                    }
+                    // Grabbing u128 for max alignment
+                    Err(_) => {
+                        // TODO avoid leaked address hack
+                        Box::leak(Box::new(0u128)) as *const u128 as u64
+                    }
+                };
                 // There is nothing wrong with a raw pointer being cast to an integer only after
                 // it became dangling.  Hence we allow dead allocations.
                 let (size, align, _kind) = ecx.get_alloc_info(alloc_id);
 
-                // println!("REE: {:?}, {:?}, {:?}", align, base_addr % align.bytes(), is_global);
-                let what = Self::align_addr(base_addr, align.bytes());
-                if (what != base_addr) {
-                    // println!("REEE: {:?}, {:?}, {:?}", what, base_addr, alloc_id);
-                }
-
                 // This allocation does not have a base address yet, assign its bytes base.
                 entry.insert(base_addr);
                 trace!(
@@ -200,7 +208,7 @@ impl<'mir, 'tcx> GlobalStateInner {
                 // Map has no duplicates so no need to remove copies.
                 // Map is always sorted.
                 global_state.int_to_ptr_map.insert(base_addr, alloc_id);
-
+                
                 base_addr
             }
         }
diff --git a/src/machine.rs b/src/machine.rs
@@ -224,7 +224,6 @@ pub struct AllocExtra {
     /// Weak memory emulation via the use of store buffers,
     ///  this is only added if it is enabled.
     pub weak_memory: Option<weak_memory::AllocExtra>,
-    pub real_pointer: *const u8,
 }
 
 /// Precomputed layouts of primitive types
@@ -690,10 +689,6 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
         alloc: Cow<'b, Allocation>,
         kind: Option<MemoryKind<Self::MemoryKind>>,
     ) -> InterpResult<'tcx, Cow<'b, Allocation<Self::Provenance, Self::AllocExtra>>> {
-        let size = alloc.size();
-        let alloc_range = AllocRange{ start: rustc_target::abi::Size::ZERO, size: size};
-        let alloc_bytes_ptr = alloc.get_bytes_with_uninit_and_ptr(ecx, alloc_range).unwrap().as_ptr();
- 
         let kind = kind.expect("we set our STATIC_KIND so this cannot be None");
         if ecx.machine.tracked_alloc_ids.contains(&id) {
             register_diagnostic(NonHaltingDiagnostic::CreatedAlloc(
@@ -723,14 +718,12 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
             )
         });
         let buffer_alloc = ecx.machine.weak_memory.then(weak_memory::AllocExtra::new_allocation);
-        // println!("yup -- {:?}", id);
         let alloc: Allocation<Provenance, Self::AllocExtra> = alloc.adjust_from_tcx(
             &ecx.tcx,
             AllocExtra {
                 stacked_borrows: stacks.map(RefCell::new),
                 data_race: race_alloc,
                 weak_memory: buffer_alloc,
-                real_pointer: alloc_bytes_ptr,
             },
             |ptr| ecx.global_base_pointer(ptr),
         )?;
