miri: Add option to flag uninitialized integers as UB
The reference currently states that this code is UB, but Miri deliberately accepts it:
```rust
fn main() {
    let _val = unsafe { std::mem::MaybeUninit::<usize>::uninit().assume_init() };
}
```
The reason we accept it is that the lang-team is not sure if we really want this to be UB (also see https://github.com/rust-lang/unsafe-code-guidelines/issues/71), so the conservative choice for the reference is to make it UB for now, but in Miri I fear this might lead to too many errors that people could consider false positives (even though by the letter of the reference they are true positives).
Still, it could be interesting to see how much code (that Miri can run) actually fails when considering uninitialized integers UB, so having a flag in Miri to enable stricter checking would be interesting.
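As an added example (not code from the issue or from Miri itself), the sound counterpart of the snippet above: every byte is written before `assume_init`, so a check that treats uninitialized integers as UB has nothing to flag. The function names are my own.

```rust
use std::mem::MaybeUninit;

/// Sound counterpart of the issue's snippet: the slot is written before
/// `assume_init`, so no uninitialized integer is ever produced.
fn init_usize(v: usize) -> usize {
    let mut slot = MaybeUninit::<usize>::uninit();
    slot.write(v); // `MaybeUninit::write` initializes the slot in place
    // SAFETY: `slot` was fully written on the line above.
    unsafe { slot.assume_init() }
}

/// Element-wise initialization of an integer array through raw pointers.
/// Each element is written exactly once before the whole array is assumed
/// initialized; reading any element earlier would be the UB under discussion.
fn filled_squares<const N: usize>() -> [u32; N] {
    let mut buf = MaybeUninit::<[u32; N]>::uninit();
    // Pointer to the first (still uninitialized) element.
    let base = buf.as_mut_ptr() as *mut u32;
    for i in 0..N {
        // SAFETY: `i < N`, so the write stays inside the array; `ptr::write`
        // does not read or drop the uninitialized old value.
        unsafe { base.add(i).write((i as u32) * (i as u32)) };
    }
    // SAFETY: the loop above wrote all `N` elements.
    unsafe { buf.assume_init() }
}

fn main() {
    println!("{}", init_usize(7)); // 7
    println!("{:?}", filled_squares::<4>()); // [0, 1, 4, 9]
}
```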
About this issue
- State: closed
- Created 4 years ago
- Reactions: 4
- Comments: 17 (17 by maintainers)
Commits related to this issue
- Auto merge of #1886 - camelid:stage2, r=RalfJung Stage 2 seems to be required after all Reverts most of bb59980b2da10437ce1ee4d53bdb3feb1f4a9c5f. See the discussion starting at https://github.com/r... — committed to rust-lang/miri by bors 3 years ago
- Auto merge of #88670 - camelid:miri-uninit-num, r=RalfJung miri: Detect uninitialized integers and floats Part of rust-lang/miri#1340. Companion Miri PR: rust-lang/miri#1904 r? `@RalfJung` — committed to rust-lang-ci/rust by bors 3 years ago
- Auto merge of #1904 - camelid:uninit-num, r=RalfJung Add flag to check for uninitialized numbers Closes #1340. Companion rustc PR that implements this in the Miri engine: rust-lang/rust#88670 r? `... — committed to rust-lang/miri by bors 3 years ago
- Update Miri This is the last step in landing rust-lang/miri#1340! — committed to camelid/rust by camelid 3 years ago
- Rollup merge of #90783 - camelid:update-miri, r=RalfJung Update Miri Fixes #90763. This is the last step in landing rust-lang/miri#1340! r? `@RalfJung` — committed to matthiaskrgr/rust by matthiaskrgr 3 years ago
Yeah – (a) I am not sure if we are hitting those codepaths (we are not running the std test suite, only core and alloc), and (b) validity is not checked recursively through references (see https://github.com/rust-lang/unsafe-code-guidelines/issues/77).
The good news is that the Rust libcore/liballoc test suites pass even with this flag. 😃