Detect (non-raw) borrows of null ZST pointers in CheckNull #136601
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
|
Some changes occurred to MIR optimizations cc @rust-lang/wg-mir-opt |
compiler-errors
force-pushed
the
borrow-null-zst
branch
from
6e4dac4 to
ea279a5
Compare
|
I think this is definitely UB, because null references, even of ZSTs, already currently cause "unexpected" behavior. For example, this code prints fn main() {
let null_ref = unsafe { &*std::ptr::null::<()>() };
println!("{:?}", Some(null_ref));
}This code panics in debug mode, but prints fn main() {
let null_ref = unsafe { &*std::ptr::null::<()>() };
let x = Some(std::hint::black_box(null_ref));
let y = x.unwrap();
println!("{x:?} {y:?}");
} |
|
Oh, that is a good point. I forgot that null references of ZSTs are definitely UB bc of the niche. |
This comment was marked as resolved.
This comment was marked as resolved.
|
References are non-null (validity/language invariant), and "creating an invalid value" is insta-UB. So yes, |
RalfJung
reviewed
Feb 6, 2025
|
r=me with comments tweaked ^ |
saethlin
added
S-waiting-on-author
compiler-errors
force-pushed
the
borrow-null-zst
branch
from
ea279a5 to
b4641b2
Compare
|
I've also fixed the typo of occured -> occurred. @bors r=saethlin |
bors
added
S-waiting-on-bors
Urgau
added a commit
to Urgau/rust
that referenced
this pull request
Feb 8, 2025
…=saethlin Detect (non-raw) borrows of null ZST pointers in CheckNull Fixes rust-lang#136568. Ensures that we check that borrows of derefs are non-null in the `CheckNull` pass **even if** it's a ZST pointee. I'm actually surprised that this is UB in Miri, but if it's certainly UB, then this PR modifies the null check to be stricter. I couldn't find anywhere in https://doc.rust-lang.org/reference/behavior-considered-undefined.html that discusses this case specifically, but I didn't read it too closely, or perhaps it's just missing a bullet point. On the contrary, if this is actually erroneous UB in Miri, then I'm happy to close this (and perhaps fix the null check in Miri to exclude ZSTs?) On the double contrary, if this is still an "open question", I'm also happy to close this and wait for a decision to be made. r? `@saethlin` cc `@RalfJung` (perhaps you feel strongly about this change)
This was referenced Feb 8, 2025
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup of 5 pull requests Successful merges: - rust-lang#134679 (Windows: remove readonly files) - rust-lang#136213 (Allow Rust to use a number of libc filesystem calls) - rust-lang#136530 (Implement `x perf` directly in bootstrap) - rust-lang#136601 (Detect (non-raw) borrows of null ZST pointers in CheckNull) - rust-lang#136659 (Pick the max DWARF version when LTO'ing modules with different versions ) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup of 5 pull requests Successful merges: - rust-lang#134679 (Windows: remove readonly files) - rust-lang#136213 (Allow Rust to use a number of libc filesystem calls) - rust-lang#136530 (Implement `x perf` directly in bootstrap) - rust-lang#136601 (Detect (non-raw) borrows of null ZST pointers in CheckNull) - rust-lang#136659 (Pick the max DWARF version when LTO'ing modules with different versions ) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup of 5 pull requests Successful merges: - rust-lang#134679 (Windows: remove readonly files) - rust-lang#136213 (Allow Rust to use a number of libc filesystem calls) - rust-lang#136530 (Implement `x perf` directly in bootstrap) - rust-lang#136601 (Detect (non-raw) borrows of null ZST pointers in CheckNull) - rust-lang#136659 (Pick the max DWARF version when LTO'ing modules with different versions ) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup merge of rust-lang#136601 - compiler-errors:borrow-null-zst, r=saethlin Detect (non-raw) borrows of null ZST pointers in CheckNull Fixes rust-lang#136568. Ensures that we check that borrows of derefs are non-null in the `CheckNull` pass **even if** it's a ZST pointee. I'm actually surprised that this is UB in Miri, but if it's certainly UB, then this PR modifies the null check to be stricter. I couldn't find anywhere in https://doc.rust-lang.org/reference/behavior-considered-undefined.html that discusses this case specifically, but I didn't read it too closely, or perhaps it's just missing a bullet point. On the contrary, if this is actually erroneous UB in Miri, then I'm happy to close this (and perhaps fix the null check in Miri to exclude ZSTs?) On the double contrary, if this is still an "open question", I'm also happy to close this and wait for a decision to be made. r? ``@saethlin`` cc ``@RalfJung`` (perhaps you feel strongly about this change)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #136568. Ensures that we check that borrows of derefs are non-null in the
CheckNullpass even if it's a ZST pointee.I'm actually surprised that this is UB in Miri, but if it's certainly UB, then this PR modifies the null check to be stricter. I couldn't find anywhere in https://doc.rust-lang.org/reference/behavior-considered-undefined.html that discusses this case specifically, but I didn't read it too closely, or perhaps it's just missing a bullet point.
On the contrary, if this is actually erroneous UB in Miri, then I'm happy to close this (and perhaps fix the null check in Miri to exclude ZSTs?)
On the double contrary, if this is still an "open question", I'm also happy to close this and wait for a decision to be made.
r? @saethlin cc @RalfJung (perhaps you feel strongly about this change)