place evaluation: require the original pointer to be aligned if an access happens

RalfJung · RalfJung · commit c87797e5001e · 2023-10-15T18:13:31.000+02:00
diff --git a/src/helpers.rs b/src/helpers.rs
@@ -697,10 +697,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
     ) -> InterpResult<'tcx, MPlaceTy<'tcx, Provenance>> {
         let this = self.eval_context_ref();
         let ptr = this.read_pointer(op)?;
-
-        let mplace = MPlaceTy::from_aligned_ptr(ptr, layout);
-
-        Ok(mplace)
+        Ok(this.ptr_to_mplace(ptr, layout))
     }
 
     /// Calculates the MPlaceTy given the offset and layout of an access on an operand
diff --git a/src/shims/unix/fs.rs b/src/shims/unix/fs.rs
@@ -1370,7 +1370,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
                         ("d_reclen", size.into()),
                         ("d_type", file_type.into()),
                     ],
-                    &MPlaceTy::from_aligned_ptr(entry, dirent64_layout),
+                    &this.ptr_to_mplace(entry, dirent64_layout),
                 )?;
 
                 let name_ptr = entry.offset(Size::from_bytes(d_name_offset), this)?;
diff --git a/src/shims/unix/linux/sync.rs b/src/shims/unix/linux/sync.rs
@@ -34,7 +34,7 @@ pub fn futex<'tcx>(
 
     let thread = this.get_active_thread();
     // This is a vararg function so we have to bring our own type for this pointer.
-    let addr = MPlaceTy::from_aligned_ptr(addr, this.machine.layouts.i32);
+    let addr = this.ptr_to_mplace(addr, this.machine.layouts.i32);
     let addr_usize = addr.ptr().addr().bytes();
 
     let futex_private = this.eval_libc_i32("FUTEX_PRIVATE_FLAG");
diff --git a/src/shims/windows/sync.rs b/src/shims/windows/sync.rs
@@ -322,8 +322,8 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
 
         let layout = this.machine.layouts.uint(size).unwrap();
         let futex_val = this
-            .read_scalar_atomic(&MPlaceTy::from_aligned_ptr(ptr, layout), AtomicReadOrd::Relaxed)?;
-        let compare_val = this.read_scalar(&MPlaceTy::from_aligned_ptr(compare, layout))?;
+            .read_scalar_atomic(&this.ptr_to_mplace(ptr, layout), AtomicReadOrd::Relaxed)?;
+        let compare_val = this.read_scalar(&this.ptr_to_mplace(compare, layout))?;
 
         if futex_val == compare_val {
             // If the values are the same, we have to block.
diff --git a/tests/fail/unaligned_pointers/field_requires_parent_struct_alignment2.rs b/tests/fail/unaligned_pointers/field_requires_parent_struct_alignment2.rs
@@ -0,0 +1,30 @@
+/// This tests that when a field sits at a well-aligned offset, accessing the field
+/// requires high alignment even if the field type has lower alignment requirements.
+
+#[repr(C, align(16))]
+#[derive(Default, Copy, Clone)]
+pub struct Aligned {
+    _pad: [u8; 11],
+    packed: Packed,
+}
+#[repr(packed)]
+#[derive(Default, Copy, Clone)]
+pub struct Packed {
+    _pad: [u8; 5],
+    x: u8,
+}
+
+unsafe fn foo(x: *const Aligned) -> u8 {
+    unsafe { (*x).packed.x } //~ERROR: accessing memory with alignment 1, but alignment 16 is required
+}
+
+fn main() {
+    unsafe {
+        let mem = [Aligned::default(); 16];
+        let odd_ptr = std::ptr::addr_of!(mem).cast::<u8>().add(1);
+        // `odd_ptr` is now not aligned enough for `Aligned`.
+        // If accessing the nested field `packed.x` can exploit that it is at offset 16
+        // in a 16-aligned struct, this has to be UB.
+        foo(odd_ptr.cast());
+    }
+}
diff --git a/tests/fail/unaligned_pointers/field_requires_parent_struct_alignment2.stderr b/tests/fail/unaligned_pointers/field_requires_parent_struct_alignment2.stderr
@@ -0,0 +1,20 @@
+error: Undefined Behavior: accessing memory with alignment ALIGN, but alignment ALIGN is required
+  --> $DIR/field_requires_parent_struct_alignment2.rs:LL:CC
+   |
+LL |     unsafe { (*x).packed.x }
+   |              ^^^^^^^^^^^^^ accessing memory with alignment ALIGN, but alignment ALIGN is required
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+   = note: BACKTRACE:
+   = note: inside `foo` at $DIR/field_requires_parent_struct_alignment2.rs:LL:CC
+note: inside `main`
+  --> $DIR/field_requires_parent_struct_alignment2.rs:LL:CC
+   |
+LL |         foo(odd_ptr.cast());
+   |         ^^^^^^^^^^^^^^^^^^^
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to previous error
+
