-
Notifications
You must be signed in to change notification settings - Fork 63
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
mir_static
and mir_static_initializer
This adds support for the `mir_static` and `mir_static_initializer` functions in the MIR backend, which are used to write specifications involving top-level `static` values. These behave like the `llvm_global` and `llvm_global_initializer` functions in the LLVM backend, but with the following differences: 1. There is nor MIR counterpart to the `llvm_alloc_global` command, as MIR static values are not "allocated" in the same way that LLVM globals are. (We still require users to initialize mutable MIR statics, however.) 2. By design, static references created with `mir_static` cannot alias allocations created with `mir_alloc`, as the two forms of allocations are handled through different mechanisms in the `crucible-mir` memory model. This checks off one box in #1859.
- Loading branch information
1 parent
41c0ca4
commit b0e7c25
Showing
19 changed files
with
1,072 additions
and
176 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
all: test.linked-mir.json | ||
|
||
test.linked-mir.json: test.rs | ||
saw-rustc $< | ||
$(MAKE) remove-unused-build-artifacts | ||
|
||
.PHONY: remove-unused-build-artifacts | ||
remove-unused-build-artifacts: | ||
rm -f test libtest.mir libtest.rlib | ||
|
||
.PHONY: clean | ||
clean: remove-unused-build-artifacts | ||
rm -f test.linked-mir.json |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
static S1: u32 = 1; | ||
static S2: u32 = 2; | ||
static mut S3: u32 = 3; | ||
|
||
// rustc is very eager to inline immutable, top-level static values, even on the | ||
// lowest optimization settings. To ensure that S1 isn't inlined, we must | ||
// introduce this extra layer of indirection. | ||
#[inline(never)] | ||
pub fn f1_aux() -> &'static u32 { | ||
&S1 | ||
} | ||
|
||
pub fn f1() -> u32 { | ||
*f1_aux() | ||
} | ||
|
||
pub fn f2() -> &'static u32 { | ||
&S2 | ||
} | ||
|
||
pub fn f3() -> u32 { | ||
unsafe { | ||
S3 = S3.wrapping_add(1); | ||
S3 | ||
} | ||
} | ||
|
||
pub fn g(r: &u32) -> bool { | ||
std::ptr::eq(r, &S1) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
enable_experimental; | ||
|
||
// A basic spec that uses the initial value of S1. | ||
let f1_spec = do { | ||
mir_execute_func []; | ||
|
||
mir_return (mir_static_initializer "test::S1"); | ||
}; | ||
|
||
// An alternative spec that uses a different initial value for S1. | ||
let f1_alt_spec = do { | ||
let s1_static = mir_static "test::S1"; | ||
let init = mir_term {{ 42 : [32] }}; | ||
mir_points_to s1_static init; | ||
|
||
mir_execute_func []; | ||
|
||
mir_points_to s1_static init; | ||
mir_return init; | ||
}; | ||
|
||
// A buggy spec that refers to a non-existent static initializer value. | ||
let f1_fail_spec = do { | ||
mir_execute_func []; | ||
|
||
mir_return (mir_static_initializer "test::S1_fake"); | ||
}; | ||
|
||
// A buggy spec that refers to a non-existent static value. | ||
let f1_fail_alt_spec = do { | ||
let s1_static = mir_static "test::S1_fake"; | ||
let init = mir_term {{ 42 : [32] }}; | ||
mir_points_to s1_static init; | ||
|
||
mir_execute_func []; | ||
|
||
mir_points_to s1_static init; | ||
mir_return init; | ||
}; | ||
|
||
// A spec that matches against a static in the return value. | ||
let f2_spec = do { | ||
mir_execute_func []; | ||
|
||
mir_return (mir_static "test::S2"); | ||
}; | ||
|
||
// A basic spec that uses the initial value of S3. | ||
let f3_spec = do { | ||
let s3_static = mir_static "test::S3"; | ||
mir_points_to s3_static (mir_static_initializer "test::S3"); | ||
|
||
mir_execute_func []; | ||
|
||
let ret = mir_term {{ 4 : [32] }}; | ||
mir_points_to s3_static ret; | ||
mir_return ret; | ||
}; | ||
|
||
// An alternative spec that uses a different initial value for S3. | ||
let f3_alt_spec = do { | ||
let s3_static = mir_static "test::S3"; | ||
let init = {{ 42 : [32] }}; | ||
mir_points_to s3_static (mir_term init); | ||
|
||
mir_execute_func []; | ||
|
||
let ret = mir_term {{ init + 1 }}; | ||
mir_points_to s3_static ret; | ||
mir_return ret; | ||
}; | ||
|
||
// A buggy spec that does not initialize S3 (a mutable static value). | ||
let f3_fail_spec = do { | ||
mir_execute_func []; | ||
|
||
mir_return (mir_term {{ 4 : [32] }}); | ||
}; | ||
|
||
// A spec that ensures that fresh allocations do not alias with static | ||
// references. | ||
let g_spec = do { | ||
r_ref <- mir_alloc mir_u32; | ||
|
||
mir_execute_func [r_ref]; | ||
|
||
mir_return (mir_term {{ False }}); | ||
}; | ||
|
||
// g(&S1) should return True. | ||
let g_alt_spec = do { | ||
mir_execute_func [mir_static "test::S1"]; | ||
|
||
mir_return (mir_term {{ True }}); | ||
}; | ||
|
||
m <- mir_load_module "test.linked-mir.json"; | ||
|
||
mir_verify m "test::f1" [] false f1_spec z3; | ||
mir_verify m "test::f1" [] false f1_alt_spec z3; | ||
mir_verify m "test::f2" [] false f2_spec z3; | ||
mir_verify m "test::f3" [] false f3_spec z3; | ||
mir_verify m "test::f3" [] false f3_alt_spec z3; | ||
mir_verify m "test::g" [] false g_spec z3; | ||
mir_verify m "test::g" [] false g_alt_spec z3; | ||
|
||
fails ( | ||
mir_verify m "test::f1" [] false f1_fail_spec z3 | ||
); | ||
fails ( | ||
mir_verify m "test::f1" [] false f1_fail_alt_spec z3 | ||
); | ||
fails ( | ||
mir_verify m "test::f3" [] false f3_fail_spec z3 | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
set -e | ||
|
||
$SAW test.saw |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
saw-remote-api/python/tests/saw/test-files/mir_statics.linked-mir.json
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
static S1: u32 = 1; | ||
static S2: u32 = 2; | ||
static mut S3: u32 = 3; | ||
|
||
// rustc is very eager to inline immutable, top-level static values, even on the | ||
// lowest optimization settings. To ensure that S1 isn't inlined, we must | ||
// introduce this extra layer of indirection. | ||
#[inline(never)] | ||
pub fn f1_aux() -> &'static u32 { | ||
&S1 | ||
} | ||
|
||
pub fn f1() -> u32 { | ||
*f1_aux() | ||
} | ||
|
||
pub fn f2() -> &'static u32 { | ||
&S2 | ||
} | ||
|
||
pub fn f3() -> u32 { | ||
unsafe { | ||
S3 = S3.wrapping_add(1); | ||
S3 | ||
} | ||
} | ||
|
||
pub fn g(r: &u32) -> bool { | ||
std::ptr::eq(r, &S1) | ||
} |
Oops, something went wrong.