miri native_calls: ensure we actually expose *mutable* provenance to the memory FFI can access

RalfJung · RalfJung · commit 3846f942300c · 2025-03-11T14:34:21.000+01:00
diff --git a/compiler/rustc_const_eval/src/interpret/memory.rs b/compiler/rustc_const_eval/src/interpret/memory.rs
@@ -982,6 +982,10 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
                     todo.push(id);
                 }
             }
+            // Also expose the provenance of the interpreter-level allocation, so it can
+            // be read by FFI. The `black_box` is defensive programming as LLVM likes
+            // to (incorrectly) optimize away ptr2int casts whose result is unused.
+            std::hint::black_box(alloc.get_bytes_unchecked_raw().expose_provenance());
 
             // Prepare for possible write from native code if mutable.
             if info.mutbl.is_mut() {
diff --git a/compiler/rustc_middle/src/mir/interpret/allocation.rs b/compiler/rustc_middle/src/mir/interpret/allocation.rs
@@ -679,6 +679,11 @@ impl<Prov: Provenance, Extra, Bytes: AllocBytes> Allocation<Prov, Extra, Bytes>
         // Set provenance of all bytes to wildcard.
         self.provenance.write_wildcards(self.len());
 
+        // Also expose the provenance of the interpreter-level allocation, so it can
+        // be written by FFI. The `black_box` is defensive programming as LLVM likes
+        // to (incorrectly) optimize away ptr2int casts whose result is unused.
+        std::hint::black_box(self.get_bytes_unchecked_raw_mut().expose_provenance());
+
         Ok(())
     }
 
diff --git a/src/tools/miri/src/alloc_addresses/mod.rs b/src/tools/miri/src/alloc_addresses/mod.rs
@@ -198,8 +198,8 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> {
                 }
                 AllocKind::Dead => unreachable!(),
             };
-            // Ensure this pointer's provenance is exposed, so that it can be used by FFI code.
-            return interp_ok(base_ptr.expose_provenance().try_into().unwrap());
+            // We don't have to expose this pointer yet, we do that in `prepare_for_native_call`.
+            return interp_ok(base_ptr.addr().try_into().unwrap());
         }
         // We are not in native lib mode, so we control the addresses ourselves.
         if let Some((reuse_addr, clock)) = global_state.reuse.take_addr(
diff --git a/src/tools/miri/src/shims/native_lib.rs b/src/tools/miri/src/shims/native_lib.rs
@@ -266,7 +266,7 @@ fn imm_to_carg<'tcx>(v: &ImmTy<'tcx>, cx: &impl HasDataLayout) -> InterpResult<'
             CArg::USize(v.to_scalar().to_target_usize(cx)?.try_into().unwrap()),
         ty::RawPtr(..) => {
             let s = v.to_scalar().to_pointer(cx)?.addr();
-            // This relies on the `expose_provenance` in `addr_from_alloc_id`.
+            // This relies on the `expose_provenance` in `prepare_for_native_call`.
             CArg::RawPtr(std::ptr::with_exposed_provenance_mut(s.bytes_usize()))
         }
         _ => throw_unsup_format!("unsupported argument type for native call: {}", v.layout.ty),

Original file line number	Diff line number	Diff line change
`@@ -982,6 +982,10 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {`
`982`	`982`	`todo.push(id);`
`983`	`983`	`}`
`984`	`984`	`}`
	`985`	`+ // Also expose the provenance of the interpreter-level allocation, so it can`
	`986`	+ // be read by FFI. The `black_box` is defensive programming as LLVM likes
	`987`	`+ // to (incorrectly) optimize away ptr2int casts whose result is unused.`
	`988`	`+ std::hint::black_box(alloc.get_bytes_unchecked_raw().expose_provenance());`
`985`	`989`
`986`	`990`	`// Prepare for possible write from native code if mutable.`
`987`	`991`	`if info.mutbl.is_mut() {`
Original file line number	Diff line number	Diff line change
`@@ -198,8 +198,8 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> {`
`198`	`198`	`}`
`199`	`199`	`AllocKind::Dead => unreachable!(),`
`200`	`200`	`};`
`201`		`- // Ensure this pointer's provenance is exposed, so that it can be used by FFI code.`
`202`		`- return interp_ok(base_ptr.expose_provenance().try_into().unwrap());`
	`201`	+ // We don't have to expose this pointer yet, we do that in `prepare_for_native_call`.
	`202`	`+ return interp_ok(base_ptr.addr().try_into().unwrap());`
`203`	`203`	`}`
`204`	`204`	`// We are not in native lib mode, so we control the addresses ourselves.`
`205`	`205`	`if let Some((reuse_addr, clock)) = global_state.reuse.take_addr(`
Original file line number	Diff line number	Diff line change
`@@ -266,7 +266,7 @@ fn imm_to_carg<'tcx>(v: &ImmTy<'tcx>, cx: &impl HasDataLayout) -> InterpResult<'`
`266`	`266`	`CArg::USize(v.to_scalar().to_target_usize(cx)?.try_into().unwrap()),`
`267`	`267`	`ty::RawPtr(..) => {`
`268`	`268`	`let s = v.to_scalar().to_pointer(cx)?.addr();`
`269`		- // This relies on the `expose_provenance` in `addr_from_alloc_id`.
	`269`	+ // This relies on the `expose_provenance` in `prepare_for_native_call`.
`270`	`270`	`CArg::RawPtr(std::ptr::with_exposed_provenance_mut(s.bytes_usize()))`
`271`	`271`	`}`
`272`	`272`	`_ => throw_unsup_format!("unsupported argument type for native call: {}", v.layout.ty),`