Miri detects UB in test-suite · Issue #156 · vorner/arc-swap · GitHub

avl opened this issue Mar 28, 2025 · 2 comments

avl commented Mar 28, 2025

I tried running the arc-swap test bench under miri with the 'many seeds' feature active.

MIRIFLAGS=-Zmiri-many-seeds=0..2000 cargo miri test

It fails after a while, with the following error:

test tests_default::rcu ... error: Undefined Behavior: out-of-bounds pointer arithmetic: alloc108734005 has been freed, so this pointer is dangling
    --> /home/anders/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/sync.rs:1690:27
     |
1690 |             let arc_ptr = ptr.byte_sub(offset) as *mut ArcInner<T>;
     |                           ^^^^^^^^^^^^^^^^^^^^ out-of-bounds pointer arithmetic: alloc108734005 has been freed, so this pointer is dangling
     |
     = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
     = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
help: alloc108734005 was allocated here:
    --> src/lib.rs:1161:44
     |
1161 |                 let shared = ArcSwap::from(Arc::new(0));
     |                                            ^^^^^^^^^^^
...
1236 | t!(tests_default, DefaultStrategy);
     | ---------------------------------- in this macro invocation
help: alloc108734005 was deallocated here:
    --> src/lib.rs:1166:60
     |
1166 |                                 shared.rcu(|old| **old + 1);
     |                                                            ^
...

The above is using nightly from '2025-03-15'.

Owner
vorner commented Mar 31, 2025

Hello.

I've noticed that too and it doesn't even need that parameter. However, so far I haven't been able to figure out the cause of that or if it is legitimate or some kind of false alarm (I won't place a bet on either at this point ‒ reading the code does not hint at how that could be possible and e.g. valgrind didn't find anything, but 🤷 )

So far, I've only figured out it is somehow related to the fallbacks inside the locking strategy.

Owner
vorner commented Apr 20, 2025

Few notes for myself / anyone also poking at it.

No concrete results, but my hunch is it is:

  • Somewhere inside the src/debt/helping.rs (or whatever uses that one).
  • It is triggered only when there are at least two concurrent writers (and probably some reader at the same time).

I'm still trying to lay traps, read through the code and figure out what interaction between the threads is responsible.
