ConstProp misoptimises pointer-typed enum field · Issue #118328 · rust-lang/rust (original) (raw)

Fuzzer-generated MIR, reduced, and UB-free under Miri (for real this time 😅)

#![feature(custom_mir, core_intrinsics)] extern crate core; use core::intrinsics::mir::*;

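/// Caller half of the reduced reproducer, written directly in custom MIR.
///
/// `_12` is first built as `Adt55::Variant1` with both fields zero, then its
/// discriminant is switched to 0 and the pointer field of variant 0 is
/// overwritten with the address of the local `_1`. The value read back from
/// that field is therefore a valid pointer when it is handed to `fn19`.
#[custom_mir(dialect = "runtime", phase = "initial")]
fn fn4() {
    mir! {
        let _1: isize;
        let _12: Adt55;
        let unit: ();
        {
            // Start as Variant1, so the storage is described by constant zeros.
            _12 = Adt55::Variant1 { fld0: 0, fld1: 0 };
            // Re-tag the same local as variant 0, the variant that carries `*mut isize`.
            SetDiscriminant(_12, 0);
            // Store a live pointer into variant 0's field 0.
            place!(Field::<*mut isize>(Variant(_12, 0), 0)) = core::ptr::addr_of_mut!(_1);
            // This read has to observe the pointer stored on the previous statement,
            // not the zeros from the Variant1 initialisation.
            Call(unit = fn19(Field::<*mut isize>(Variant(_12, 0), 0)), bb11, UnwindUnreachable())
        }
        bb11 = {
            Return()
        }
    }
}

/// Callee half of the reproducer: stores 1 through the pointer it is given.
///
/// The store is the only use of the argument, so a null argument faults here.
#[custom_mir(dialect = "runtime", phase = "initial")]
pub fn fn19(mut _1: *mut isize) {
    mir! {
        {
            (*_1) = 1;
            Return()
        }
    }
}

/// Runs the reproducer; reaching the `println!` means the store in `fn19`
/// went through a usable pointer.
pub fn main() {
    fn4();
    println!("here");
}

/// Two-variant enum whose variants overlay a raw pointer (`Variant0`) with
/// plain integers (`Variant1`).
#[derive(Debug, Copy, Clone)]
pub enum Adt55 {
    Variant0 { fld0: *mut isize },
    Variant1 { fld0: u8, fld1: u64 },
}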

Segfaults with ConstProp enabled:

$ rustc -Zmir-opt-level=0 -Copt-level=0 -Zmir-enable-passes=+ConstProp repro.rs && ./repro
Segmentation fault (core dumped)

`Field::<*mut isize>(Variant(_12, 0), 0)`, which is a valid pointer, somehow got propagated as 0 (compare the argument of the `fn19` call in the two dumps below):

// MIR for `fn4` before ConstProp

fn fn4() -> () {
    let mut _0: ();
    let mut _1: isize;
    let mut _2: Adt55;
    let mut _3: ();

    bb0: {
        // `_2` starts out as Variant1 with both fields constant zero.
        _2 = Adt55::Variant1 { fld0: const 0_u8, fld1: const 0_u64 };
        // The same local is then re-tagged with discriminant 0.
        discriminant(_2) = 0;
        // Field 0 of variant 0 receives the address of the local `_1`.
        ((_2 as variant#0).0: *mut isize) = &raw mut _1;
        // Before the pass, the call argument is still a read of that field,
        // i.e. the pointer stored on the previous statement.
        _3 = fn19(((_2 as variant#0).0: *mut isize)) -> [return: bb1, unwind unreachable];
    }

    bb1: {
        return;
    }
}
// MIR for `fn4` after ConstProp

fn fn4() -> () {
    let mut _0: ();
    let mut _1: isize;
    let mut _2: Adt55;
    let mut _3: ();

    bb0: {
        _2 = Adt55::Variant1 { fld0: const 0_u8, fld1: const 0_u64 };
        discriminant(_2) = 0;
        // The store of `&raw mut _1` into variant 0's field is still present...
        ((_2 as variant#0).0: *mut isize) = &raw mut _1;
        // ...but the read of that field has been replaced by a constant null
        // pointer, so fn19 now receives 0x0 instead of the address of `_1`.
        // This is the statement behind the segfault reported with ConstProp enabled.
        // NOTE(review): presumably the pass kept the zero recorded for the
        // Variant1 aggregate and did not invalidate it on the write through the
        // variant#0 projection - confirm against the fix.
        _3 = fn19(const {0x0 as *mut isize}) -> [return: bb1, unwind unreachable];
    }

    bb1: {
        return;
    }
}