Several misaligned pointer dereferences in the library #2391
Comments
There is a lot of unsafe stuff happening all over the place in Scryer. It's kind of scary that a lot of them are behind macros which aren't easy to debug. I contributed initial support for running the unit tests with Miri in #2281, which would make debugging such things much easier, but there are a lot of things in The macros seem to be a really foundational part of Scryer, so changing them to be safer will probably be really hard and/or introduce a big performance regression. Relevant quote from the Nomicon:
Unsafe should be completely encapsulated at module level, but using unsafe in macros like Scryer does ends up putting unsafe everywhere even in modules that could and should probably be 100% safe Rust, which is a big nightmare for debugging Undefined Behavior.
What I can do here is to list out potential issues I considered to be unsafe (also related to misalignment)
@bakaq I agree with your point. However, after we compile the code to MIR, all the macros have been expanded. For example, it would be clear to find that
Improve use of unsafe Rust in arena.rs (#2391)
was removed in mthom#2391 instead of being updated, see
- mthom#2393 (comment)
- mthom@79bc2d9#commitcomment-141790142
Sorry, mentioned the wrong PR number
Unsoundness
Hi, it seems that there are several misaligned pointers created from `transmute` in use in the library. For example, in the module `machine::system_calls::<impl machine::Machine>::socket_server_accept/close`:

scryer-prolog/src/machine/system_calls.rs
Lines 6563 to 6594 in 9837187

At line 6593, the macro `match_untyped_arena_ptr` will match `ArenaHeaderTag` and transmute the `u8` raw pointer to a raw pointer of `TcpListener`, which is aligned to 4 bytes. The undefined behavior caused by the misaligned pointer dereference can lead to unexpected behaviors that we should avoid. The runtime panic when the system doesn't tolerate the misalignment can even cause the socket operation to fail. Similar issues could also occur in `machine::system_calls::<impl machine::Machine>::http_accept/http_answer`.
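To make the alignment problem in the report above concrete, here is an added, self-contained Rust example. It is constructed for this page and is not Scryer's code: `FakeListener` is a hypothetical stand-in for a 4-byte-aligned payload such as `TcpListener` (which on Unix wraps an `i32` file descriptor), and `ByteArena` is a hypothetical bump arena that hands out `*mut u8` the way an untyped arena does. It shows how packing a 1-byte tag in front of the payload yields a pointer that fails the `align_offset` check, how rounding the allocation cursor up to the payload's alignment fixes it, and how an explicit alignment check (or `ptr::read_unaligned` as a fallback) avoids the misaligned dereference that a bare `transmute` would silently permit.

```rust
use std::mem::{align_of, size_of};
use std::ptr;

/// Hypothetical stand-in for a 4-byte-aligned payload such as
/// `std::net::TcpListener`, which on Unix wraps an `i32` file descriptor.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct FakeListener {
    pub fd: i32,
}

/// 64 bytes of storage with a guaranteed 8-byte base alignment, so the
/// results below do not depend on what the global allocator happens to return.
#[repr(C, align(8))]
struct Backing([u8; 64]);

/// Minimal bump arena that hands out `*mut u8` which callers later
/// reinterpret as `*mut T` (constructed demo, not Scryer's arena).
pub struct ByteArena {
    buf: Box<Backing>,
    used: usize,
}

impl ByteArena {
    pub fn new() -> Self {
        Self { buf: Box::new(Backing([0u8; 64])), used: 0 }
    }

    /// Packed allocation: returns the next free byte and ignores alignment.
    /// This is the pattern that yields a misaligned pointer after a 1-byte tag.
    pub fn alloc_packed(&mut self, size: usize) -> *mut u8 {
        assert!(self.used + size <= 64, "arena exhausted");
        let p = unsafe { self.buf.0.as_mut_ptr().add(self.used) };
        self.used += size;
        p
    }

    /// Aligned allocation: rounds the cursor up to `align` (a power of two)
    /// before handing out the pointer.
    pub fn alloc_aligned(&mut self, size: usize, align: usize) -> *mut u8 {
        debug_assert!(align.is_power_of_two());
        let start = (self.used + align - 1) & !(align - 1);
        assert!(start + size <= 64, "arena exhausted");
        let p = unsafe { self.buf.0.as_mut_ptr().add(start) };
        self.used = start + size;
        p
    }
}

/// True if `p` satisfies `T`'s alignment and may be cast to `*const T`.
pub fn is_aligned_for<T>(p: *const u8) -> bool {
    p.align_offset(align_of::<T>()) == 0
}

/// The check a reinterpreting macro should perform instead of a bare
/// `transmute`: refuse the cast when the pointer is misaligned.
pub fn checked_cast<T>(p: *const u8) -> Option<*const T> {
    if is_aligned_for::<T>(p) { Some(p as *const T) } else { None }
}

/// Reads a `FakeListener` stored at `p` without ever performing a misaligned
/// dereference: a plain read when aligned, `read_unaligned` otherwise.
/// Caller guarantees `p` points at an initialised `FakeListener`.
pub unsafe fn read_listener(p: *const u8) -> FakeListener {
    match checked_cast::<FakeListener>(p) {
        Some(t) => unsafe { *t },
        None => unsafe { ptr::read_unaligned(p as *const FakeListener) },
    }
}

/// Allocates a 1-byte tag followed by a `FakeListener` with each strategy and
/// reports whether the payload pointer is correctly aligned (packed, aligned).
pub fn alignment_after_tag() -> (bool, bool) {
    let mut packed = ByteArena::new();
    let _tag = packed.alloc_packed(1);
    let p = packed.alloc_packed(size_of::<FakeListener>());
    // write_unaligned is the only sound way to store through this pointer.
    unsafe { ptr::write_unaligned(p as *mut FakeListener, FakeListener { fd: 7 }) };
    let packed_ok = is_aligned_for::<FakeListener>(p);
    assert_eq!(unsafe { read_listener(p) }, FakeListener { fd: 7 });

    let mut aligned = ByteArena::new();
    let _tag = aligned.alloc_aligned(1, 1);
    let q = aligned.alloc_aligned(size_of::<FakeListener>(), align_of::<FakeListener>());
    unsafe { (q as *mut FakeListener).write(FakeListener { fd: 9 }) };
    let aligned_ok = is_aligned_for::<FakeListener>(q);
    assert_eq!(unsafe { read_listener(q) }, FakeListener { fd: 9 });

    (packed_ok, aligned_ok)
}

fn main() {
    let (packed_ok, aligned_ok) = alignment_after_tag();
    println!("packed payload pointer aligned for FakeListener: {packed_ok}");
    println!("aligned payload pointer aligned for FakeListener: {aligned_ok}");
}
```

The packed arena returns base+1 for the payload, so `align_offset(4)` is 3 and the cast is refused; the aligned arena rounds the cursor to base+4 and the cast succeeds. Since Rust 1.70 a debug build inserts a check that panics with "misaligned pointer dereference" when a misaligned raw pointer is dereferenced; a release build skips that check and the dereference is plain undefined behaviour, which is why a Miri run over this kind of code is the reliable way to catch it.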