Add a flag to check the validity of a Stack

saethlin · saethlin · commit be00557df280 · 2022-05-21T11:15:26.000-04:00
diff --git a/src/bin/miri.rs b/src/bin/miri.rs
@@ -397,6 +397,9 @@ fn main() {
                     );
                     miri_config.tag_raw = true;
                 }
+                "-Zmiri-verify-stack-consistency" => {
+                    miri_config.verify_stack_cache = true;
+                }
                 "--" => {
                     after_dashdash = true;
                 }
diff --git a/src/eval.rs b/src/eval.rs
@@ -119,6 +119,9 @@ pub struct MiriConfig {
     /// Whether to ignore any output by the program. This is helpful when debugging miri
     /// as its messages don't get intermingled with the program messages.
     pub mute_stdout_stderr: bool,
+    /// Whether we should check the internal validity requirements of the Stack data structure
+    /// itself (in addition to checking the program being executed).
+    pub verify_stack_cache: bool,
 }
 
 impl Default for MiriConfig {
@@ -146,6 +149,7 @@ impl Default for MiriConfig {
             backtrace_style: BacktraceStyle::Short,
             strict_provenance: false,
             mute_stdout_stderr: false,
+            verify_stack_cache: false,
         }
     }
 }
diff --git a/src/machine.rs b/src/machine.rs
@@ -295,6 +295,9 @@ pub struct Evaluator<'mir, 'tcx> {
 
     /// Corresponds to -Zmiri-mute-stdout-stderr and doesn't write the output but acts as if it succeeded.
     pub(crate) mute_stdout_stderr: bool,
+
+    /// Controls whether the borrow stack checks the integrity of its internal caches.
+    pub(crate) verify_stack_cache: bool,
 }
 
 impl<'mir, 'tcx> Evaluator<'mir, 'tcx> {
@@ -349,6 +352,7 @@ impl<'mir, 'tcx> Evaluator<'mir, 'tcx> {
             check_alignment: config.check_alignment,
             cmpxchg_weak_failure_rate: config.cmpxchg_weak_failure_rate,
             mute_stdout_stderr: config.mute_stdout_stderr,
+            verify_stack_cache: config.verify_stack_cache,
         }
     }
 
@@ -585,6 +589,7 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
                 stacked_borrows,
                 kind,
                 ecx.machine.current_span(),
+                ecx.machine.verify_stack_cache,
             ))
         } else {
             None
diff --git a/src/stacked_borrows.rs b/src/stacked_borrows.rs
@@ -503,9 +503,9 @@ impl<'tcx> Stack {
 /// Map per-stack operations to higher-level per-location-range operations.
 impl<'tcx> Stacks {
     /// Creates new stack with initial tag.
-    fn new(size: Size, perm: Permission, tag: SbTag) -> Self {
+    fn new(size: Size, perm: Permission, tag: SbTag, verify: bool) -> Self {
         let item = Item { perm, tag, protector: None };
-        let stack = Stack::new(item);
+        let stack = Stack::new(item, verify);
         Stacks {
             stacks: RefCell::new(RangeMap::new(size, stack)),
             history: RefCell::new(AllocHistory::new()),
@@ -549,6 +549,7 @@ impl Stacks {
         state: &GlobalState,
         kind: MemoryKind<MiriMemoryKind>,
         mut current_span: CurrentSpan<'_, '_, '_>,
+        verify: bool,
     ) -> Self {
         let mut extra = state.borrow_mut();
         let (base_tag, perm) = match kind {
@@ -582,7 +583,7 @@ impl Stacks {
                 (tag, Permission::SharedReadWrite)
             }
         };
-        let stacks = Stacks::new(size, perm, base_tag);
+        let stacks = Stacks::new(size, perm, base_tag, verify);
         stacks.history.borrow_mut().log_creation(
             None,
             base_tag,
diff --git a/src/stacked_borrows/stack.rs b/src/stacked_borrows/stack.rs
@@ -17,7 +17,7 @@ pub struct Stack {
     /// On a read, we need to disable all `Unique` above the granting item. We can avoid most of
     /// this scan by keeping track of the region of the borrow stack that may contain `Unique`s.
     unique_range: Range<usize>,
-    validate_cache: bool,
+    verify_cache: bool,
 }
 
 #[derive(Clone, Debug)]
@@ -49,7 +49,7 @@ impl Stack {
     /// - The StackCache indices don't refer to the parallel tags,
     /// - If top_untagged is Some it is the topmost Untagged
     /// - There are no Unique tags outside of first_unique..last_unique
-    fn check_cache_validity(&self) {
+    fn verify_cache_consistency(&self) {
         for (tag, stack_idx) in self.cache.tags.iter().zip(self.cache.idx.iter()) {
             assert_eq!(self.borrows[*stack_idx].tag, *tag);
         }
@@ -72,8 +72,8 @@ impl Stack {
     /// Find the item granting the given kind of access to the given tag, and return where
     /// it is on the stack.
     pub fn find_granting(&mut self, access: AccessKind, tag: SbTag) -> Option<usize> {
-        if self.validate_cache {
-            self.check_cache_validity();
+        if self.verify_cache {
+            self.verify_cache_consistency();
         }
 
         match tag {
@@ -111,8 +111,8 @@ impl Stack {
     }
 
     pub fn insert(&mut self, new_idx: usize, new: Item) {
-        if self.validate_cache {
-            self.check_cache_validity();
+        if self.verify_cache {
+            self.verify_cache_consistency();
         }
 
         self.borrows.insert(new_idx, new);
@@ -152,13 +152,13 @@ impl Stack {
         }
     }
 
-    pub fn new(item: Item) -> Self {
+    pub fn new(item: Item, verify: bool) -> Self {
         Stack {
             borrows: vec![item],
             cache: StackCache { idx: [0; CACHE_LEN], tags: [item.tag; CACHE_LEN] },
             unique_range: if item.perm == Permission::Unique { 0..1 } else { 0..0 },
             top_untagged: None,
-            validate_cache: false,
+            verify_cache: verify,
         }
     }
 
@@ -175,8 +175,8 @@ impl Stack {
         granting_idx: usize,
         mut visitor: V,
     ) -> crate::InterpResult<'static> {
-        if self.validate_cache {
-            self.check_cache_validity();
+        if self.verify_cache {
+            self.verify_cache_consistency();
         }
 
         if granting_idx < self.unique_range.end {
@@ -205,8 +205,8 @@ impl Stack {
     }
 
     pub fn drain_rev(&mut self, range: std::ops::Range<usize>) -> DrainRev<'_> {
-        if self.validate_cache {
-            self.check_cache_validity();
+        if self.verify_cache {
+            self.verify_cache_consistency();
         }
 
         DrainRev { start: range.start, stack: self, cursor: range.end - 1 }

Original file line number	Diff line number	Diff line change
`@@ -397,6 +397,9 @@ fn main() {`
`397`	`397`	`);`
`398`	`398`	`miri_config.tag_raw = true;`
`399`	`399`	`}`
	`400`	`+ "-Zmiri-verify-stack-consistency" => {`
	`401`	`+ miri_config.verify_stack_cache = true;`
	`402`	`+ }`
`400`	`403`	`"--" => {`
`401`	`404`	`after_dashdash = true;`
`402`	`405`	`}`
Original file line number	Diff line number	Diff line change
`@@ -119,6 +119,9 @@ pub struct MiriConfig {`
`119`	`119`	`/// Whether to ignore any output by the program. This is helpful when debugging miri`
`120`	`120`	`/// as its messages don't get intermingled with the program messages.`
`121`	`121`	`pub mute_stdout_stderr: bool,`
	`122`	`+ /// Whether we should check the internal validity requirements of the Stack data structure`
	`123`	`+ /// itself (in addition to checking the program being executed).`
	`124`	`+ pub verify_stack_cache: bool,`
`122`	`125`	`}`
`123`	`126`
`124`	`127`	`impl Default for MiriConfig {`
`@@ -146,6 +149,7 @@ impl Default for MiriConfig {`
`146`	`149`	`backtrace_style: BacktraceStyle::Short,`
`147`	`150`	`strict_provenance: false,`
`148`	`151`	`mute_stdout_stderr: false,`
	`152`	`+ verify_stack_cache: false,`
`149`	`153`	`}`
`150`	`154`	`}`
`151`	`155`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ pub struct Stack {`
`17`	`17`	/// On a read, we need to disable all `Unique` above the granting item. We can avoid most of
`18`	`18`	/// this scan by keeping track of the region of the borrow stack that may contain `Unique`s.
`19`	`19`	`unique_range: Range<usize>,`
`20`		`- validate_cache: bool,`
	`20`	`+ verify_cache: bool,`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`#[derive(Clone, Debug)]`
`@@ -49,7 +49,7 @@ impl Stack {`
`49`	`49`	`/// - The StackCache indices don't refer to the parallel tags,`
`50`	`50`	`/// - If top_untagged is Some it is the topmost Untagged`
`51`	`51`	`/// - There are no Unique tags outside of first_unique..last_unique`
`52`		`- fn check_cache_validity(&self) {`
	`52`	`+ fn verify_cache_consistency(&self) {`
`53`	`53`	`for (tag, stack_idx) in self.cache.tags.iter().zip(self.cache.idx.iter()) {`
`54`	`54`	`assert_eq!(self.borrows[stack_idx].tag, tag);`
`55`	`55`	`}`
`@@ -72,8 +72,8 @@ impl Stack {`
`72`	`72`	`/// Find the item granting the given kind of access to the given tag, and return where`
`73`	`73`	`/// it is on the stack.`
`74`	`74`	`pub fn find_granting(&mut self, access: AccessKind, tag: SbTag) -> Option<usize> {`
`75`		`- if self.validate_cache {`
`76`		`- self.check_cache_validity();`
	`75`	`+ if self.verify_cache {`
	`76`	`+ self.verify_cache_consistency();`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`match tag {`
`@@ -111,8 +111,8 @@ impl Stack {`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`pub fn insert(&mut self, new_idx: usize, new: Item) {`
`114`		`- if self.validate_cache {`
`115`		`- self.check_cache_validity();`
	`114`	`+ if self.verify_cache {`
	`115`	`+ self.verify_cache_consistency();`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`self.borrows.insert(new_idx, new);`
`@@ -152,13 +152,13 @@ impl Stack {`
`152`	`152`	`}`
`153`	`153`	`}`
`154`	`154`
`155`		`- pub fn new(item: Item) -> Self {`
	`155`	`+ pub fn new(item: Item, verify: bool) -> Self {`
`156`	`156`	`Stack {`
`157`	`157`	`borrows: vec![item],`
`158`	`158`	`cache: StackCache { idx: [0; CACHE_LEN], tags: [item.tag; CACHE_LEN] },`
`159`	`159`	`unique_range: if item.perm == Permission::Unique { 0..1 } else { 0..0 },`
`160`	`160`	`top_untagged: None,`
`161`		`- validate_cache: false,`
	`161`	`+ verify_cache: verify,`
`162`	`162`	`}`
`163`	`163`	`}`
`164`	`164`
`@@ -175,8 +175,8 @@ impl Stack {`
`175`	`175`	`granting_idx: usize,`
`176`	`176`	`mut visitor: V,`
`177`	`177`	`) -> crate::InterpResult<'static> {`
`178`		`- if self.validate_cache {`
`179`		`- self.check_cache_validity();`
	`178`	`+ if self.verify_cache {`
	`179`	`+ self.verify_cache_consistency();`
`180`	`180`	`}`
`181`	`181`
`182`	`182`	`if granting_idx < self.unique_range.end {`
`@@ -205,8 +205,8 @@ impl Stack {`
`205`	`205`	`}`
`206`	`206`
`207`	`207`	`pub fn drain_rev(&mut self, range: std::ops::Range<usize>) -> DrainRev<'_> {`
`208`		`- if self.validate_cache {`
`209`		`- self.check_cache_validity();`
	`208`	`+ if self.verify_cache {`
	`209`	`+ self.verify_cache_consistency();`
`210`	`210`	`}`
`211`	`211`
`212`	`212`	`DrainRev { start: range.start, stack: self, cursor: range.end - 1 }`