From fb82ee0d5b08ec7ccfd72b4a946f36dad2c75dbc Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 11 Feb 2024 19:04:29 +0100 Subject: [PATCH] rename ptr::invalid -> ptr::without_provenance also introduce ptr::dangling matching NonNull::dangling --- tests/fail/dangling_pointers/deref_dangling_box.rs | 2 +- tests/fail/dangling_pointers/deref_dangling_ref.rs | 2 +- tests/fail/provenance/ptr_invalid.rs | 4 ++-- tests/fail/provenance/ptr_invalid_offset.rs | 2 +- tests/pass-dep/shims/mmap.rs | 8 ++++---- tests/pass-dep/shims/posix_memalign.rs | 4 ++-- tests/pass/align_offset_symbolic.rs | 2 +- tests/pass/atomic.rs | 6 +++--- tests/pass/ptr_raw.rs | 8 ++++---- tests/pass/slices.rs | 6 +++--- tests/pass/underscore_pattern.rs | 4 ++-- 11 files changed, 24 insertions(+), 24 deletions(-) diff --git a/tests/fail/dangling_pointers/deref_dangling_box.rs b/tests/fail/dangling_pointers/deref_dangling_box.rs index d2823672ad..fa40f942b8 100644 --- a/tests/fail/dangling_pointers/deref_dangling_box.rs +++ b/tests/fail/dangling_pointers/deref_dangling_box.rs @@ -8,7 +8,7 @@ use std::ptr::{self, addr_of_mut}; // (This test relies on the `deref_copy` pass that lowers `**ptr` to materialize the intermediate pointer.) fn main() { - let mut inner = ptr::invalid::(24); + let mut inner = ptr::without_provenance::(24); let outer = addr_of_mut!(inner).cast::>(); // Now `outer` is a pointer to a dangling reference. // Deref'ing that should be UB. diff --git a/tests/fail/dangling_pointers/deref_dangling_ref.rs b/tests/fail/dangling_pointers/deref_dangling_ref.rs index b62e041d70..036ef2580a 100644 --- a/tests/fail/dangling_pointers/deref_dangling_ref.rs +++ b/tests/fail/dangling_pointers/deref_dangling_ref.rs @@ -8,7 +8,7 @@ use std::ptr::{self, addr_of_mut}; // (This test relies on the `deref_copy` pass that lowers `**ptr` to materialize the intermediate pointer.) fn main() { - let mut inner = ptr::invalid::(24); + let mut inner = ptr::without_provenance::(24); let outer = addr_of_mut!(inner).cast::<&'static mut i32>(); // Now `outer` is a pointer to a dangling reference. // Deref'ing that should be UB. diff --git a/tests/fail/provenance/ptr_invalid.rs b/tests/fail/provenance/ptr_invalid.rs index 5d44928d1d..730859684a 100644 --- a/tests/fail/provenance/ptr_invalid.rs +++ b/tests/fail/provenance/ptr_invalid.rs @@ -1,9 +1,9 @@ #![feature(strict_provenance, exposed_provenance)] -// Ensure that a `ptr::invalid` ptr is truly invalid. +// Ensure that a `ptr::without_provenance` ptr is truly invalid. fn main() { let x = 42; let xptr = &x as *const i32; - let xptr_invalid = std::ptr::invalid::(xptr.expose_addr()); + let xptr_invalid = std::ptr::without_provenance::(xptr.expose_addr()); let _val = unsafe { *xptr_invalid }; //~ ERROR: is a dangling pointer } diff --git a/tests/fail/provenance/ptr_invalid_offset.rs b/tests/fail/provenance/ptr_invalid_offset.rs index 91ba18f768..c8be521ef8 100644 --- a/tests/fail/provenance/ptr_invalid_offset.rs +++ b/tests/fail/provenance/ptr_invalid_offset.rs @@ -4,7 +4,7 @@ fn main() { let x = 22; let ptr = &x as *const _ as *const u8; - let roundtrip = std::ptr::invalid::(ptr as usize); + let roundtrip = std::ptr::without_provenance::(ptr as usize); // Not even offsetting this is allowed. let _ = unsafe { roundtrip.offset(1) }; //~ERROR: is a dangling pointer } diff --git a/tests/pass-dep/shims/mmap.rs b/tests/pass-dep/shims/mmap.rs index 7bbb9dd53c..0cbe8d9429 100644 --- a/tests/pass-dep/shims/mmap.rs +++ b/tests/pass-dep/shims/mmap.rs @@ -71,7 +71,7 @@ fn test_mmap( let ptr = unsafe { mmap( - ptr::invalid_mut(page_size * 64), + ptr::without_provenance_mut(page_size * 64), page_size, libc::PROT_READ | libc::PROT_WRITE, // We don't support MAP_FIXED @@ -114,13 +114,13 @@ fn test_mmap( assert_eq!(ptr, libc::MAP_FAILED); // We report an error when trying to munmap an address which is not a multiple of the page size - let res = unsafe { libc::munmap(ptr::invalid_mut(1), page_size) }; + let res = unsafe { libc::munmap(ptr::without_provenance_mut(1), page_size) }; assert_eq!(res, -1); assert_eq!(Error::last_os_error().raw_os_error().unwrap(), libc::EINVAL); // We report an error when trying to munmap a length that cannot be rounded up to a multiple of // the page size. - let res = unsafe { libc::munmap(ptr::invalid_mut(page_size), usize::MAX - 1) }; + let res = unsafe { libc::munmap(ptr::without_provenance_mut(page_size), usize::MAX - 1) }; assert_eq!(res, -1); assert_eq!(Error::last_os_error().raw_os_error().unwrap(), libc::EINVAL); } @@ -156,7 +156,7 @@ fn test_mremap() { // Test all of our error conditions // Not aligned let ptr = - unsafe { libc::mremap(ptr::invalid_mut(1), page_size, page_size, libc::MREMAP_MAYMOVE) }; + unsafe { libc::mremap(ptr::without_provenance_mut(1), page_size, page_size, libc::MREMAP_MAYMOVE) }; assert_eq!(ptr, libc::MAP_FAILED); assert_eq!(Error::last_os_error().raw_os_error().unwrap(), libc::EINVAL); diff --git a/tests/pass-dep/shims/posix_memalign.rs b/tests/pass-dep/shims/posix_memalign.rs index 9bd8a00d68..5cf62995fb 100644 --- a/tests/pass-dep/shims/posix_memalign.rs +++ b/tests/pass-dep/shims/posix_memalign.rs @@ -58,7 +58,7 @@ fn main() { // Non-power of 2 align unsafe { - let mut ptr: *mut libc::c_void = ptr::invalid_mut(0x1234567); + let mut ptr: *mut libc::c_void = ptr::without_provenance_mut(0x1234567); let align = 15; let size = 8; assert_eq!(libc::posix_memalign(&mut ptr, align, size), libc::EINVAL); @@ -70,7 +70,7 @@ fn main() { // Too small align (smaller than ptr) unsafe { - let mut ptr: *mut libc::c_void = ptr::invalid_mut(0x1234567); + let mut ptr: *mut libc::c_void = ptr::without_provenance_mut(0x1234567); let align = std::mem::size_of::() / 2; let size = 8; assert_eq!(libc::posix_memalign(&mut ptr, align, size), libc::EINVAL); diff --git a/tests/pass/align_offset_symbolic.rs b/tests/pass/align_offset_symbolic.rs index ac28c63e08..c32fa2c8f9 100644 --- a/tests/pass/align_offset_symbolic.rs +++ b/tests/pass/align_offset_symbolic.rs @@ -100,7 +100,7 @@ fn huge_align() { #[cfg(target_pointer_width = "16")] const SIZE: usize = 1 << 13; struct HugeSize(#[allow(dead_code)] [u8; SIZE - 1]); - let _ = std::ptr::invalid::(SIZE).align_offset(SIZE); + let _ = std::ptr::without_provenance::(SIZE).align_offset(SIZE); } // This shows that we cannot store the promised alignment info in `AllocExtra`, diff --git a/tests/pass/atomic.rs b/tests/pass/atomic.rs index 60b8ff87b5..dfdc9b42f8 100644 --- a/tests/pass/atomic.rs +++ b/tests/pass/atomic.rs @@ -137,7 +137,7 @@ fn atomic_ptr() { let ptr = AtomicPtr::::new(ptr::null_mut()); assert!(ptr.load(Relaxed).addr() == 0); - ptr.store(ptr::invalid_mut(13), SeqCst); + ptr.store(ptr::without_provenance_mut(13), SeqCst); assert!(ptr.swap(x, Relaxed).addr() == 13); unsafe { assert!(*ptr.load(Acquire) == 0) }; @@ -145,7 +145,7 @@ fn atomic_ptr() { assert_eq!( ptr.compare_exchange( (&mut 0 as *mut i32).with_addr(x.addr()), - ptr::invalid_mut(0), + ptr::without_provenance_mut(0), SeqCst, SeqCst ) @@ -156,7 +156,7 @@ fn atomic_ptr() { assert_eq!( ptr.compare_exchange( (&mut 0 as *mut i32).with_addr(x.addr()), - ptr::invalid_mut(0), + ptr::without_provenance_mut(0), SeqCst, SeqCst ) diff --git a/tests/pass/ptr_raw.rs b/tests/pass/ptr_raw.rs index 11c3455a9c..dcf13d97ce 100644 --- a/tests/pass/ptr_raw.rs +++ b/tests/pass/ptr_raw.rs @@ -35,12 +35,12 @@ fn assign_overlapping() { fn deref_invalid() { unsafe { // `addr_of!(*ptr)` is never UB. - let _val = addr_of!(*ptr::invalid::(0)); - let _val = addr_of!(*ptr::invalid::(1)); // not aligned + let _val = addr_of!(*ptr::without_provenance::(0)); + let _val = addr_of!(*ptr::without_provenance::(1)); // not aligned // Similarly, just mentioning the place is fine. - let _ = *ptr::invalid::(0); - let _ = *ptr::invalid::(1); + let _ = *ptr::without_provenance::(0); + let _ = *ptr::without_provenance::(1); } } diff --git a/tests/pass/slices.rs b/tests/pass/slices.rs index a99e921150..d30ca96ea4 100644 --- a/tests/pass/slices.rs +++ b/tests/pass/slices.rs @@ -29,7 +29,7 @@ fn slice_of_zst() { // In a slice of zero-size elements the pointer is meaningless. // Ensure iteration still works even if the pointer is at the end of the address space. - let slice: &[()] = unsafe { slice::from_raw_parts(ptr::invalid(-5isize as usize), 10) }; + let slice: &[()] = unsafe { slice::from_raw_parts(ptr::without_provenance(-5isize as usize), 10) }; assert_eq!(slice.len(), 10); assert_eq!(slice.iter().count(), 10); @@ -43,7 +43,7 @@ fn slice_of_zst() { // Test mutable iterators as well let slice: &mut [()] = - unsafe { slice::from_raw_parts_mut(ptr::invalid_mut(-5isize as usize), 10) }; + unsafe { slice::from_raw_parts_mut(ptr::without_provenance_mut(-5isize as usize), 10) }; assert_eq!(slice.len(), 10); assert_eq!(slice.iter_mut().count(), 10); @@ -263,7 +263,7 @@ fn test_for_invalidated_pointers() { fn large_raw_slice() { let size = isize::MAX as usize; // Creating a raw slice of size isize::MAX and asking for its size is okay. - let s = std::ptr::slice_from_raw_parts(ptr::invalid::(1), size); + let s = std::ptr::slice_from_raw_parts(ptr::without_provenance::(1), size); assert_eq!(size, unsafe { std::mem::size_of_val_raw(s) }); } diff --git a/tests/pass/underscore_pattern.rs b/tests/pass/underscore_pattern.rs index b0e85bc1bb..f0afe55895 100644 --- a/tests/pass/underscore_pattern.rs +++ b/tests/pass/underscore_pattern.rs @@ -38,7 +38,7 @@ fn invalid_match() { fn dangling_let() { unsafe { - let ptr = ptr::invalid::(0x40); + let ptr = ptr::without_provenance::(0x40); let _ = *ptr; } } @@ -54,7 +54,7 @@ fn invalid_let() { // Adding a type annotation used to change how MIR is generated, make sure we cover both cases. fn dangling_let_type_annotation() { unsafe { - let ptr = ptr::invalid::(0x40); + let ptr = ptr::without_provenance::(0x40); let _: bool = *ptr; } }