facebookexperimental / MIRAI

Rust mid-level IR Abstract Interpreter

`block_visitor.deserialize_constant_bytes` causes panic

acid-chicken opened this issue · comments

Issue

Although the specific cause is unknown, a simple process of converting primitives to structures caused MIRAI to crash.

Steps to Reproduce

Run cargo mirai on the PoC repo: https://github.com/acid-chicken/mirai-crashes-1182/blob/master/src/main.rs

Expected Behavior

It doesn't crash.

Actual Results

Running MIRAI_LOG=trace cargo mirai:

[2022-09-15T14:14:39Z TRACE mirai::type_visitor] set_path_rustc_type(self: "TypeVisitor",path: <heap_1>.0,ty: NonZeroEnum)
[2022-09-15T14:14:39Z TRACE mirai::block_visitor] deserializing NonZeroEnum []
[2022-09-15T14:14:39Z TRACE mirai::path] new_discriminant(enum_path: <heap_1>.0)
[2022-09-15T14:14:40Z TRACE mirai::path] new_qualified(qualifier: <heap_1>.0,selector: discr)
[2022-09-15T14:14:40Z TRACE mirai::path] path_length(self: <heap_1>.0)
[2022-09-15T14:14:40Z TRACE mirai::path] from(value: <heap_1>.0.discr)
thread 'rustc' panicked at 'index out of bounds: the len is 0 but the index is 0', checker/src/block_visitor.rs:2971:63

The error statement indicates the following location:

// Assume (probably incorrectly) that the discriminant is encoded into a single byte
// todo: somehow figure out what the Rust compiler is actually doing here. (Not easy.)
self.bv
.update_value_at(discr_val_path, Rc::new((bytes[0] as u128).into()));

Environment

rustc 1.65.0-nightly (eaadb8947 2022-08-27)
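The statement quoted above indexes `bytes[0]` unconditionally, so an empty constant byte slice panics, and it also assumes the discriminant occupies exactly one byte. The Rust snippet below is an added illustration, not code from MIRAI or from the reporter's PoC repository, of both problems: a decoder that takes the discriminant width as a parameter (a hypothetical parameter; the real checker would have to obtain it from rustc's layout information) and returns `None` instead of panicking on short input, a fieldless enum whose tag is two bytes wide, and a niche-optimised `Option<NonZeroU8>` whose "discriminant" is the payload byte itself. Little-endian byte order is assumed throughout; the enum definitions are constructed for this example and are unrelated to the `NonZeroEnum` in the trace.

```rust
use std::num::NonZeroU8;

/// Decode an enum discriminant from the raw bytes of a constant.
/// `width` is the discriminant size in bytes (hypothetical parameter; a real
/// implementation would take it from rustc's layout for the type).
/// Returns None instead of panicking when the slice is shorter than `width`,
/// which covers the empty-slice case seen in the trace above.
pub fn decode_discriminant(bytes: &[u8], width: usize) -> Option<u128> {
    if width == 0 || width > 16 || bytes.len() < width {
        return None;
    }
    // Assumption: little-endian encoding of the tag bytes.
    let mut buf = [0u8; 16];
    buf[..width].copy_from_slice(&bytes[..width]);
    Some(u128::from_le_bytes(buf))
}

/// Constructed fieldless enum with an explicit two-byte tag: the discriminant
/// is NOT a single byte, so reading only `bytes[0]` yields the wrong value.
#[repr(u16)]
#[derive(Clone, Copy, Debug)]
pub enum WideTag {
    A = 0x0102,
    B = 0x0304,
}

/// The bytes rustc stores for a `WideTag` constant (little-endian, as assumed).
pub fn wide_tag_bytes(t: WideTag) -> [u8; 2] {
    (t as u16).to_le_bytes()
}

/// Niche-optimised enum: std guarantees `Option<NonZeroU8>` has the size of
/// `u8`, with `None` stored as the forbidden value 0. There is no separate
/// tag byte at all; the discriminant is derived from the payload.
pub fn option_nonzero_byte(v: Option<NonZeroU8>) -> u8 {
    // Sound because of the documented size/niche guarantee for NonZeroU8.
    unsafe { std::mem::transmute::<Option<NonZeroU8>, u8>(v) }
}

fn main() {
    // Empty constant bytes: the hardened decoder reports None rather than
    // panicking with "index out of bounds".
    println!("empty -> {:?}", decode_discriminant(&[], 1));

    // Two-byte tag: correct only when the real width is used.
    let b = wide_tag_bytes(WideTag::B);
    println!("width 2 -> {:#x?}", decode_discriminant(&b, 2));
    println!("width 1 -> {:#x?}", decode_discriminant(&b, 1));

    // Niche layout: None is 0, Some(7) is 7, in a single byte.
    println!("None -> {}", option_nonzero_byte(None));
    println!("Some(7) -> {}", option_nonzero_byte(NonZeroU8::new(7)));
}
```

Running the block prints `None` for the empty slice, `Some(0x304)` when the decoder is told the tag is two bytes and `Some(0x4)` under the single-byte assumption, and `0` / `7` for the niche-optimised option; the point is that the byte layout of a discriminant depends on the enum's `repr` and on niche optimisation, so a fixed one-byte read is not generally correct.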

The comment above the failing statement pretty much says it all: Not easy.

I'll try to spend some time on it soon.

Fixed.