Detect (non-raw) borrows of null ZST pointers in CheckNull #136601
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
Collaborator
|
Some changes occurred to MIR optimizations cc @rust-lang/wg-mir-opt |
compiler-errors
force-pushed
the
borrow-null-zst
branch
from
6e4dac4 to
ea279a5
Compare
Contributor
|
I think this is definitely UB, because null references, even of ZSTs, already currently cause "unexpected" behavior. For example, this code prints fn main() {
let null_ref = unsafe { &*std::ptr::null::<()>() };
println!("{:?}", Some(null_ref));
}This code panics in debug mode, but prints fn main() {
let null_ref = unsafe { &*std::ptr::null::<()>() };
let x = Some(std::hint::black_box(null_ref));
let y = x.unwrap();
println!("{x:?} {y:?}");
} |
Member
Author
|
Oh, that is a good point. I forgot that null references of ZSTs are definitely UB bc of the niche. |
This comment was marked as resolved.
This comment was marked as resolved.
Member
|
References are non-null (validity/language invariant), and "creating an invalid value" is insta-UB. So yes, |
RalfJung
reviewed
Feb 6, 2025
Member
|
r=me with comments tweaked ^ |
saethlin
added
S-waiting-on-author
compiler-errors
force-pushed
the
borrow-null-zst
branch
from
ea279a5 to
b4641b2
Compare
Collaborator
Member
Author
|
I've also fixed the typo of occured -> occurred. @bors r=saethlin |
Collaborator
bors
added
S-waiting-on-bors
Urgau
added a commit
to Urgau/rust
that referenced
this pull request
Feb 8, 2025
…=saethlin Detect (non-raw) borrows of null ZST pointers in CheckNull Fixes rust-lang#136568. Ensures that we check that borrows of derefs are non-null in the `CheckNull` pass **even if** it's a ZST pointee. I'm actually surprised that this is UB in Miri, but if it's certainly UB, then this PR modifies the null check to be stricter. I couldn't find anywhere in https://doc.rust-lang.org/reference/behavior-considered-undefined.html that discusses this case specifically, but I didn't read it too closely, or perhaps it's just missing a bullet point. On the contrary, if this is actually erroneous UB in Miri, then I'm happy to close this (and perhaps fix the null check in Miri to exclude ZSTs?) On the double contrary, if this is still an "open question", I'm also happy to close this and wait for a decision to be made. r? `@saethlin` cc `@RalfJung` (perhaps you feel strongly about this change)
This was referenced Feb 8, 2025
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup of 5 pull requests Successful merges: - rust-lang#134679 (Windows: remove readonly files) - rust-lang#136213 (Allow Rust to use a number of libc filesystem calls) - rust-lang#136530 (Implement `x perf` directly in bootstrap) - rust-lang#136601 (Detect (non-raw) borrows of null ZST pointers in CheckNull) - rust-lang#136659 (Pick the max DWARF version when LTO'ing modules with different versions ) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup of 5 pull requests Successful merges: - rust-lang#134679 (Windows: remove readonly files) - rust-lang#136213 (Allow Rust to use a number of libc filesystem calls) - rust-lang#136530 (Implement `x perf` directly in bootstrap) - rust-lang#136601 (Detect (non-raw) borrows of null ZST pointers in CheckNull) - rust-lang#136659 (Pick the max DWARF version when LTO'ing modules with different versions ) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup of 5 pull requests Successful merges: - rust-lang#134679 (Windows: remove readonly files) - rust-lang#136213 (Allow Rust to use a number of libc filesystem calls) - rust-lang#136530 (Implement `x perf` directly in bootstrap) - rust-lang#136601 (Detect (non-raw) borrows of null ZST pointers in CheckNull) - rust-lang#136659 (Pick the max DWARF version when LTO'ing modules with different versions ) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 9, 2025
Rollup merge of rust-lang#136601 - compiler-errors:borrow-null-zst, r=saethlin Detect (non-raw) borrows of null ZST pointers in CheckNull Fixes rust-lang#136568. Ensures that we check that borrows of derefs are non-null in the `CheckNull` pass **even if** it's a ZST pointee. I'm actually surprised that this is UB in Miri, but if it's certainly UB, then this PR modifies the null check to be stricter. I couldn't find anywhere in https://doc.rust-lang.org/reference/behavior-considered-undefined.html that discusses this case specifically, but I didn't read it too closely, or perhaps it's just missing a bullet point. On the contrary, if this is actually erroneous UB in Miri, then I'm happy to close this (and perhaps fix the null check in Miri to exclude ZSTs?) On the double contrary, if this is still an "open question", I'm also happy to close this and wait for a decision to be made. r? ``@saethlin`` cc ``@RalfJung`` (perhaps you feel strongly about this change)
github-actions bot
pushed a commit
to tautschnig/verify-rust-std
that referenced
this pull request
Mar 11, 2025
Fixes #136568. Ensures that we check that borrows of derefs are non-null in the
CheckNullpass even if it's a ZST pointee.I'm actually surprised that this is UB in Miri, but if it's certainly UB, then this PR modifies the null check to be stricter. I couldn't find anywhere in https://doc.rust-lang.org/reference/behavior-considered-undefined.html that discusses this case specifically, but I didn't read it too closely, or perhaps it's just missing a bullet point.
On the contrary, if this is actually erroneous UB in Miri, then I'm happy to close this (and perhaps fix the null check in Miri to exclude ZSTs?)
On the double contrary, if this is still an "open question", I'm also happy to close this and wait for a decision to be made.
r? @saethlin cc @RalfJung (perhaps you feel strongly about this change)