Early otherwise branch MIR opt is unsound #95162
Labels
A-MIR
Area: Mid-level IR (MIR) - https://blog.rust-lang.org/2016/04/19/MIR.html
A-mir-opt
Area: MIR optimizations
C-bug
Category: This is a bug.
T-compiler
Relevant to the compiler team, which will review and decide on the PR/issue.
Comments
rustbot
added
A-MIR
|
Regardless of this mir-opt pass, if we write the code like this: let Q = val;
if discriminant(P) == otherwise {
let ptr = &mut Q as *mut _ as *mut u8;
unsafe { *ptr = 10; } // Any invalid value for the type
}
match (P, Q) {
(A, A) => {
// branch1
}
_ => {
// branch2
}
}No problem can arise because in branch2 only |
|
@SparrowLii so, this turns out to not be true right now, see this example. That being said, I do think you make a good point here in general, we could probably make this opt easier to execute (and be sound) by adjusting MIR building |
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Feb 29, 2024
… r=<try> Re-enable the early otherwise branch optimization Fixes rust-lang#95162. Fixes rust-lang#119014. Fixes rust-lang#117970. An invalid enum discriminant can come from anywhere. We have to check to see if all successors contain the discriminant statement. It should not be UB that we pass in an invalid enum discriminant when calling a function, this is more like LLVM's poison value. UB only when used. Although miri would consider the following code to be UB. (It's fine for miri.) https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=18602870aaeb07cbdf7dfcd2c28961a2 I extended the scenario with scalars and the same target values. r? compiler
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Mar 3, 2024
… r=<try> Re-enable the early otherwise branch optimization Fixes rust-lang#95162. Fixes rust-lang#119014. Fixes rust-lang#117970. An invalid enum discriminant can come from anywhere. We have to check to see if all successors contain the discriminant statement. It should not be UB that we pass in an invalid enum discriminant when calling a function, this is more like LLVM's poison value. UB only when used. Although miri would consider the following code to be UB. (It's fine for miri.) https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=18602870aaeb07cbdf7dfcd2c28961a2 I extended the scenario with scalars and the same target values. r? compiler
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Mar 27, 2024
…nch, r=<try> Re-enable the early otherwise branch optimization Closes rust-lang#95162. Fixes rust-lang#119014. This is the first part of rust-lang#121397. An invalid enum discriminant can come from anywhere. We have to check to see if all successors contain the discriminant statement. This should have a pass to hoist instructions. r? cjgillot
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Apr 7, 2024
…nch, r=cjgillot Re-enable the early otherwise branch optimization Closes rust-lang#95162. Fixes rust-lang#119014. This is the first part of rust-lang#121397. An invalid enum discriminant can come from anywhere. We have to check to see if all successors contain the discriminant statement. This should have a pass to hoist instructions. r? cjgillot
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I re-wrote this pass in #91840 ; however, I don't think the new version is sound either (#95161). I'm currently working on a MCVE miscompilation, but quoting from the PR:
For an example of a test that almost miscompiles, see here. The opt doesn't fire on that particular version, but it would if there was a
SimplifyCFGimmediately before.@rustbot label +A-mir +A-mir-opt +T-compiler
The text was updated successfully, but these errors were encountered: