UB in bitslice code #14

Open
workingjubilee opened this issue May 12, 2024 · 10 comments · Fixed by #15


@workingjubilee

This collections crate fails to uphold the required invariants for callers of slice::from_raw_parts

    Finished `test` profile [unoptimized + debuginfo] target(s) in 0.00s
warning: the following packages contain code that will be rejected by a future version of Rust: deepmesa-collections v0.9.1-dev (/home/jubilee/rust/deepmesa-rs/deepmesa-collections)
note: to see what the problems were, use the option `--future-incompat-report`, or run `cargo report future-incompatibilities --id 3`
     Running unittests src/lib.rs (/home/jubilee/rust/deepmesa-rs/target/debug/deps/deepmesa_collections-ce24e785b41b8b87)

running 169 tests
thread 'bitvec::bitslice::tests::test_any' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread caused non-unwinding panic. aborting.
error: test failed, to rerun pass `--lib`

Caused by:
  process didn't exit successfully: `/home/jubilee/rust/deepmesa-rs/target/debug/deps/deepmesa_collections-ce24e785b41b8b87` (signal: 6, SIGABRT: process abort signal)
   Doc-tests deepmesa-collections


running 141 tests
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice (line 63) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u16 (line 1348) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u128 (line 1497) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u8 (line 1318) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u16 (line 1364) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u64 (line 1438) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u64 (line 1453) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u32 (line 1394) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u32 (line 1409) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u8 (line 1304) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::fill (line 426) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::as_u128 (line 1482) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter (line 1118) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first (line 954) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::get_mut (line 472) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_u32 (line 1224) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_u128 (line 1277) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_u16 (line 1198) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_mut (line 1139) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first_mut (line 980) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_ones (line 1070) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::get (line 448) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_u8 (line 1171) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_zeros (line 1094) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::leading_ones (line 592) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::iter_u64 (line 1251) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::leading_zeros (line 628) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last (line 1012) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::len (line 391) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last_mut (line 1038) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::count_ones (line 734) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::count_zeros (line 768) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::all (line 528) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::any (line 500) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first_zero (line 841) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first_one (line 803) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_bits_u32 (line 1793) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_bits_u64 (line 1839) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_bits_u128 (line 1885) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_bits_u16 (line 1747) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_u128 (line 1650) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_bits_u8 (line 1701) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last_zero (line 917) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_u32 (line 1587) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_u16 (line 1557) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_u64 (line 1618) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::read_u8 (line 1527) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last_one (line 879) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::set (line 562) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector (line 63) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector (line 82) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::as_mut_raw_ptr (line 1863) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::as_raw_ptr (line 1845) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::as_mut_bitslice (line 1778) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::capacity (line 289) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::as_raw_slice (line 1799) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::append (line 1878) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::as_mut_raw_slice (line 1822) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::as_bitslice (line 1759) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::clear (line 332) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::count_ones (line 530) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::count_zeros (line 560) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::extend_from_bitslice (line 1902) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::fill (line 2080) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::is_empty (line 316) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::first_mut (line 721) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::first_one (line 617) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::first_zero (line 588) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::first (line 697) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::get (line 1993) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::from_bitslice (line 1924) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter (line 364) ... ok
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::trailing_zeros (line 700) ... FAILED
test deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::trailing_ones (line 664) ... FAILED
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_mut (line 384) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_u128 (line 959) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_u16 (line 880) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_ones (line 803) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_u32 (line 906) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::last_one (line 672) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_zeros (line 823) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_u8 (line 853) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::last_zero (line 646) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::last (line 749) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::iter_u64 (line 933) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::last_mut (line 773) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::new (line 259) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::leading_ones (line 408) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::leading_zeros (line 438) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::len (line 301) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::pop (line 2047) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push (line 2027) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_bits_u128 (line 1561) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_bits_u16 (line 1422) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_bits_u32 (line 1468) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_u16 (line 1629) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_u128 (line 1728) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_bits_u128 (line 1336) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_u32 (line 1662) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_bits_u8 (line 1375) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_u8 (line 1596) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_bits_u64 (line 1514) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_bits_u64 (line 1291) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::push_u64 (line 1695) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_bits_u32 (line 1246) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_bits_u16 (line 1200) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_bits_u8 (line 1155) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_u32 (line 1043) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_u16 (line 1014) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_u128 (line 1105) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_u64 (line 1074) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::with_capacity (line 273) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::repeat (line 1945) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::set (line 1959) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::read_u8 (line 985) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::trailing_zeros (line 500) ... ok
test deepmesa-collections/src/bitvec/bitvec.rs - bitvec::bitvec::BitVector::trailing_ones (line 469) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::Iter (line 212) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterOnes (line 374) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterMut (line 241) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterU128 (line 186) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterU16 (line 111) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterU32 (line 136) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterU64 (line 162) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::AsLsb0 (line 686) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterU8 (line 85) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::AsLsb0 (line 698) ... ok
test deepmesa-collections/src/bitvec/iter.rs - bitvec::iter::IterZeros (line 400) ... ok
test deepmesa-collections/src/bitvec/mod.rs - bitvec::bitvector (line 78) ... ok
test deepmesa-collections/src/bitvec/mod.rs - bitvec::bitvector (line 53) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::AsMsb0 (line 656) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::AsMsb0 (line 668) ... ok
test deepmesa-collections/src/bitvec/mod.rs - bitvec::bitvector (line 66) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClear::clear_lsb_nth (line 77) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClear::clear_msb (line 68) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClear::clear_lsb (line 59) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClear::clear_msb_nth (line 86) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClearAssign::clear_lsb_assign (line 99) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClearAssign::clear_lsb_nth_assign (line 119) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClearAssign::clear_msb_assign (line 109) ... ok
test deepmesa-collections/src/bitvec/traits.rs - bitvec::traits::BitwiseClearAssign::clear_msb_nth_assign (line 130) ... ok

failures:

---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::count_ones (line 734) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::count_zeros (line 768) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::all (line 528) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::any (line 500) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first_zero (line 841) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first_one (line 803) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last_zero (line 917) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`

---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last_one (line 879) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::trailing_zeros (line 700) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`


---- deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::trailing_ones (line 664) stdout ----
Test executable failed (signal: 6 (SIGABRT) (core dumped)).

stderr:
thread 'main' panicked at library/core/src/panicking.rs:156:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`

failures:
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::all (line 528)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::any (line 500)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::count_ones (line 734)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::count_zeros (line 768)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first_one (line 803)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::first_zero (line 841)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last_one (line 879)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::last_zero (line 917)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::trailing_ones (line 664)
    deepmesa-collections/src/bitvec/bitslice.rs - bitvec::bitslice::BitSlice::trailing_zeros (line 700)

test result: FAILED. 131 passed; 10 failed; 0 ignored; 0 measured; 0 filtered out; finished in 1.24s

error: doctest failed, to rerun pass `--doc`
error: 2 targets failed:
    `--lib`
    `--doc`
@workingjubilee
Author

I believe the issue is that the Index implementations do not correctly bound the slice's len in the RangeFrom implementation.

@digama0

digama0 commented May 12, 2024

For more information: This crate uses the type

struct BitSlice([u8]);

which is returned by indexing methods as &BitSlice, which (ab)uses the length field to pack the bit index into the top 3 bits of the slice length. This is undefined behavior per spec, because references are supposed to point to an actual live allocation and this is lying about the length of that allocation - in particular it frequently produces slice lengths larger than the largest possible allocation size isize::MAX which is now being detected in assertions in the standard library.

The simplest fix is to have BitSlice wrap *const [u8] instead, which has no such requirements on the slice length.

@workingjubilee
Author

Oh, you actually took a much deeper look than I did. Awesome!

@arrsingh
Contributor

Thank you for reporting this! I've fixed the issue here #15

@digama0

digama0 commented May 26, 2024

@arrsingh This does not fix the issue, it only evades the debug UB check. It is not allowed to have a reference of a slice which goes beyond the original allocation at all, but one obvious sign of this is a slice whose length is larger than isize::MAX.

@arrsingh
Contributor

arrsingh commented May 26, 2024

This change ensures that the MSB of the len passed to from_raw_parts(...) will always be zero and hence the max value of len will be less than (2^63)-1. So it falls within the constraint specified in the documentation that len should never exceed isize::MAX.

I will stipulate that technically the len passed in will be greater than the underlying allocation and goes against the intent of the UB check. If one were to try and dereference the underlying pointer using the len as passed in then yes that behavior would be undefined. However, so long as the pointer is dereferenced only with the provided slice implementation in practice the length won't actually be accessed.

Is this implementation a hack of the len field? Absolutely.

@arrsingh arrsingh linked a pull request May 26, 2024 that will close this issue
@digama0

digama0 commented May 26, 2024

No, this is a violation of rust UB rules as they are currently understood. The length field must not be more than isize::MAX but that is not the only constraint. Have you run the code through Miri? It is better at checking the more expensive UB rules. Here is a simplified example, where we just create a slice which has a size which is too large for its allocation (but still less than isize::MAX), and do not read it or do anything else with it. Just creating the slice is already UB. (Select "Tools > Miri" to run the example with Miri.)

@arrsingh
Contributor

arrsingh commented May 27, 2024

The fundamental issue here is that slices are double word pointers (64 bit pointer + 64 bit length = 128 bits on a 64 bit machine). Implementing a bitslice means that we need an additional 3 bits to store the offset of the first bit into the start byte. We could create a specific structure with a u8 offset in addition to the ptr and len, but that won't work because we can't transmute BitSlice<'a> into &'a [T] because the Index::Index trait returns &Self::Output. So the options to implement slices in a BitVector are the following:

  1. Have BitSlice wrap a ZST - struct BitSlice([()]) - and then write all the pointer code with its own memory layout
  2. Hack the offset into the len field and limit the bitvector length to 60 bits
  3. Don't implement the slicing using the rust syntax and instead implement a get_slice() method that returns a custom ref.

Option 2 is the simplest and it works because while theoretically the len value can be dereferenced, in practice however, it's difficult to dereference that pointer without going through the code that packs / unpacks it. For example, BitSlice doesn't implement as_ptr() (unlike std::vec slices).

Someday I might get around to implementing the slice by wrapping a ZST rather than a [u8] but for now this will have to do. If you'd like to contribute an implementation that works I'll happily and gratefully accept a PR.

@digama0

digama0 commented May 28, 2024

I have to admit that I am not invested enough in this project or issue to write a fix, and if you want to ignore UB which is of a sufficiently theoretical nature and which does not seem to manifest as miscompilation in practice, that's your prerogative (I wouldn't blame you at all for doing that, I've done it myself from time to time). But I would suggest in that case either leaving this issue open, or putting a comment in the code acknowledging that you know it is UB and consider it okay in practice (and then if it blows up later it will at least be easier to track down).

Separately, if you would like to defend option (2) as a legitimate technique and you think the rust opsem team (of which I am a member) is overstepping their bounds in declaring this UB, please bring it up on https://github.com/rust-lang/unsafe-code-guidelines/issues or https://rust-lang.zulipchat.com/#narrow/stream/136281-t-opsem .

Regarding potential fixes: (1) is an interesting idea, I hadn't considered that. It doesn't run afoul of reference rules since the ZST slice encompasses 0 bytes, and while it may violate strict subobject rules (i.e. using a reference to access memory outside its declared length), those rules seem likely to be dropped anyway and are not supported in newer drafts of the memory model. (3) will definitely work but it comes at an obvious ergonomic cost. There is also option (4) of making BitSlice<'_> itself be a struct with the appropriate bitpacking, and returning &BitSlice<'_> from indexing methods (which is one more reference than you probably want, but it will probably be optimized out in usage code).
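
Added example, not part of the thread and not deepmesa's code: a sketch that combines the raw slice pointer suggested earlier in the thread with option (3), a custom handle returned by a method instead of `Index`. The bit offset still lives in the top 3 bits of the length metadata, but only on a raw pointer; a `&[u8]` is only ever built with the true byte length. `BitSliceRef`, its method names and the MSB-first bit order are assumptions made for illustration.

```rust
use std::marker::PhantomData;
use std::ptr::NonNull;
use std::slice;

/// High bits of the length metadata that hold the bit offset (0..=7).
const OFFSET_BITS: u32 = 3;
const LEN_BITS: u32 = usize::BITS - OFFSET_BITS;
const LEN_MASK: usize = usize::MAX >> OFFSET_BITS;

/// Hypothetical two-word bit-slice handle (not the crate's `BitSlice`).
/// The packed value sits in the metadata of a *raw* slice pointer, which,
/// unlike `&[u8]`, carries no validity requirement on its length.
#[derive(Clone, Copy)]
pub struct BitSliceRef<'a> {
    packed: NonNull<[u8]>,
    _borrow: PhantomData<&'a [u8]>,
}

impl<'a> BitSliceRef<'a> {
    /// View `bit_len` bits of `bytes` starting at bit `start_bit`.
    /// Returns `None` if the range does not fit inside `bytes`.
    pub fn new(bytes: &'a [u8], start_bit: usize, bit_len: usize) -> Option<Self> {
        let end = start_bit.checked_add(bit_len)?;
        if bit_len > LEN_MASK || end > bytes.len().checked_mul(8)? {
            return None;
        }
        // Pointer to the first byte touched; provenance covers the rest of `bytes`.
        let first = NonNull::from(&bytes[start_bit / 8..]).cast::<u8>();
        let meta = bit_len | ((start_bit % 8) << LEN_BITS);
        Some(Self {
            packed: NonNull::slice_from_raw_parts(first, meta),
            _borrow: PhantomData,
        })
    }

    /// Raw metadata, offset bits included. Never used as a real slice length.
    pub fn packed_len(&self) -> usize { self.packed.len() }
    pub fn bit_len(&self) -> usize { self.packed.len() & LEN_MASK }
    pub fn offset(&self) -> usize { self.packed.len() >> LEN_BITS }

    /// The bytes that back this view, with their true length.
    pub fn bytes(&self) -> &'a [u8] {
        let byte_len = (self.offset() + self.bit_len() + 7) / 8;
        // SAFETY: `new` checked that these `byte_len` bytes lie inside the
        // borrowed slice, which stays alive and unmodified for `'a`.
        unsafe { slice::from_raw_parts(self.packed.cast::<u8>().as_ptr(), byte_len) }
    }

    /// Bit `i` of the view; bit 0 is the most significant bit (assumed order).
    pub fn get(&self, i: usize) -> Option<bool> {
        if i >= self.bit_len() {
            return None;
        }
        let abs = self.offset() + i;
        Some((self.bytes()[abs / 8] >> (7 - abs % 8)) & 1 == 1)
    }

    pub fn count_ones(&self) -> usize {
        (0..self.bit_len()).filter(|&i| self.get(i) == Some(true)).count()
    }
}

fn main() {
    // Constructed sample data.
    let data = [0b1010_1100u8, 0b0101_0011, 0xFF];
    let s = BitSliceRef::new(&data, 5, 10).expect("range fits");
    println!("bits={} offset={} ones={}", s.bit_len(), s.offset(), s.count_ones());
    println!("metadata {:#x} backs only {} real bytes", s.packed_len(), s.bytes().len());
}
```

The handle is the same size as `&[u8]`, so the packing trick keeps its space benefit; what is given up is the `slice[a..b]` indexing syntax, since `Index` must return a reference.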

@arrsingh
Contributor

arrsingh commented Jun 1, 2024

Hacking the offset into the length is definitely not the best approach and I wouldn't recommend this in production. It's definitely a hack to make things work for now. I really should implement it by wrapping a ZST but for now it's more work than I have time for.

I'll leave this issue open as a reminder and once I get around to reimplementing this I'll post an update here.

@arrsingh arrsingh reopened this Jun 1, 2024