Add Miri testing for unsafe code validation #26
Description
Add Miri testing to validate all unsafe code for undefined behavior.
Objectives
- Add Miri for unsafe code validation
- Test all unsafe blocks and FFI operations
- Detect undefined behavior at compile time
- Integrate Miri into CI pipeline
What is Miri?
Miri is Rust's interpreter for detecting undefined behavior in unsafe code:
- Detects invalid memory access
- Validates pointer aliasing rules
- Checks for data races
- Verifies unsafe code soundness
- Catches UB that tests might miss
Why Critical for cstring-array?
Our library contains unsafe code in:
- src/array.rs:84 - Pointer operations in pointer array construction
- src/array.rs:162-163 - Raw pointer dereferencing in as_ptr
- src/array.rs:187-189 - Mutable pointer operations
- tests/integration.rs - Extensive unsafe FFI testing
- Send/Sync implementations - Need validation
Unsafe Code Locations
// src/array.rs:84
pointers.extend(cstrings.iter().map(|s| s.as_ptr()));
// tests/integration.rs:31
unsafe {
assert\!(\!(*argv).is_null());
*argv
}
// tests/integration.rs:92
unsafe {
let s = CStr::from_ptr(*current).to_str().unwrap();
current = current.offset(1);
}Implementation Plan
1. Add Miri to CI workflow
Create .github/workflows/miri.yml:
name: Miri
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '0 3 * * 1'
permissions:
contents: read
jobs:
miri:
name: Miri
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust nightly with Miri
uses: dtolnay/rust-toolchain@nightly
with:
components: miri
- name: Setup Rust cache
uses: Swatinem/rust-cache@v2
with:
key: miri
- name: Run Miri tests
run: |
cargo miri setup
cargo miri test --all-features
env:
MIRIFLAGS: -Zmiri-symbolic-alignment-check -Zmiri-disable-isolation2. Add Miri-specific test configuration
Update Cargo.toml:
[target.'cfg(miri)'.dev-dependencies]
# Miri-specific test dependencies if needed3. Fix potential Miri issues
Common issues Miri might find:
- Invalid pointer arithmetic
- Unaligned memory access
- Data races in Send/Sync
- Use-after-free
- Reading uninitialized memory
4. Add Miri documentation
Create docs section explaining:
- How to run Miri locally: cargo +nightly miri test
- What Miri validates
- How to interpret Miri errors
Expected Miri Checks
Miri will validate:
-
Pointer validity
- All pointers are properly aligned
- No use-after-free
- Valid pointer arithmetic
-
Aliasing rules
- Mutable references don't alias
- Shared references are valid
- Raw pointer usage is sound
-
Memory initialization
- All memory reads are from initialized locations
- No reading of padding bytes
-
Send/Sync safety
- Concurrent access is safe
- No hidden data races
Benefits
- Soundness: Prove unsafe code is correct
- UB Detection: Find undefined behavior before production
- Confidence: Mathematical proof of memory safety
- Professional: Industry-standard validation
- FFI Safety: Critical for C interop
- Documentation: Shows code is thoroughly validated
Success Criteria
- All tests pass under Miri
- CI runs Miri on every PR
- Weekly scheduled Miri runs
- Documentation includes Miri instructions
- Zero Miri warnings or errors
- REUSE 3.3 compliant
Common Miri Flags
# Standard validation
cargo +nightly miri test
# With extra checks
MIRIFLAGS="-Zmiri-symbolic-alignment-check" cargo +nightly miri test
# Disable isolation for system interactions
MIRIFLAGS="-Zmiri-disable-isolation" cargo +nightly miri test
# Track raw pointers
MIRIFLAGS="-Zmiri-track-raw-pointers" cargo +nightly miri testReferences
- Miri Documentation: https://github.com/rust-lang/miri
- Rust Unsafe Code Guidelines: https://rust-lang.github.io/unsafe-code-guidelines/
- Miri in CI: https://github.com/rust-lang/miri#using-miri-on-ci