pointer tag tracking: on creation, log the offsets it is created for

RalfJung · RalfJung · commit 6cc407e41965 · 2022-07-02T10:12:47.000-04:00
diff --git a/src/diagnostics.rs b/src/diagnostics.rs
@@ -67,7 +67,7 @@ impl MachineStopType for TerminationInfo {}
 
 /// Miri specific diagnostics
 pub enum NonHaltingDiagnostic {
-    CreatedPointerTag(NonZeroU64),
+    CreatedPointerTag(NonZeroU64, Option<(AllocId, AllocRange)>),
     /// This `Item` was popped from the borrow stack, either due to an access with the given tag or
     /// a deallocation when the second argument is `None`.
     PoppedPointerTag(Item, Option<(SbTagExtra, AccessKind)>),
@@ -318,7 +318,7 @@ fn report_msg<'mir, 'tcx>(
     diag_level: DiagLevel,
     title: &str,
     span_msg: Vec<String>,
-    mut helps: Vec<(Option<SpanData>, String)>,
+    helps: Vec<(Option<SpanData>, String)>,
     stacktrace: &[FrameInfo<'tcx>],
 ) {
     let span = stacktrace.first().map_or(DUMMY_SP, |fi| fi.span);
@@ -344,15 +344,15 @@ fn report_msg<'mir, 'tcx>(
 
     // Show help messages.
     if !helps.is_empty() {
-        // Add visual separator before backtrace.
-        helps.last_mut().unwrap().1.push('\n');
         for (span_data, help) in helps {
             if let Some(span_data) = span_data {
                 err.span_help(span_data.span(), &help);
             } else {
                 err.help(&help);
             }
         }
+        // Add visual separator before backtrace.
+        err.note("backtrace:");
     }
     // Add backtrace
     for (idx, frame_info) in stacktrace.iter().enumerate() {
@@ -448,7 +448,9 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             for e in diagnostics.drain(..) {
                 use NonHaltingDiagnostic::*;
                 let msg = match e {
-                    CreatedPointerTag(tag) => format!("created tag {:?}", tag),
+                    CreatedPointerTag(tag, None) => format!("created tag {tag:?}"),
+                    CreatedPointerTag(tag, Some((alloc_id, range))) =>
+                        format!("created tag {tag:?} at {alloc_id}{}", HexRange(range)),
                     PoppedPointerTag(item, tag) =>
                         match tag {
                             None =>
diff --git a/src/stacked_borrows.rs b/src/stacked_borrows.rs
@@ -222,11 +222,9 @@ impl GlobalStateInner {
         }
     }
 
+    /// Generates a new pointer tag. Remember to also check track_pointer_tags and log its creation!
     fn new_ptr(&mut self) -> SbTag {
         let id = self.next_ptr_tag;
-        if self.tracked_pointer_tags.contains(&id) {
-            register_diagnostic(NonHaltingDiagnostic::CreatedPointerTag(id.0));
-        }
         self.next_ptr_tag = SbTag(NonZeroU64::new(id.0.get() + 1).unwrap());
         id
     }
@@ -253,6 +251,9 @@ impl GlobalStateInner {
     pub fn base_ptr_tag(&mut self, id: AllocId) -> SbTag {
         self.base_ptr_tags.get(&id).copied().unwrap_or_else(|| {
             let tag = self.new_ptr();
+            if self.tracked_pointer_tags.contains(&tag) {
+                register_diagnostic(NonHaltingDiagnostic::CreatedPointerTag(tag.0, None));
+            }
             trace!("New allocation {:?} has base tag {:?}", id, tag);
             self.base_ptr_tags.try_insert(id, tag).unwrap();
             tag
@@ -802,16 +803,28 @@ trait EvalContextPrivExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         let this = self.eval_context_mut();
         let current_span = &mut this.machine.current_span();
 
+        // It is crucial that this gets called on all code paths, to ensure we track tag creation.
         let log_creation = |this: &MiriEvalContext<'mir, 'tcx>,
                             current_span: &mut CurrentSpan<'_, 'mir, 'tcx>,
                             alloc_id,
                             base_offset,
                             orig_tag|
          -> InterpResult<'tcx> {
+            let global = this.machine.stacked_borrows.as_ref().unwrap().borrow();
+            if global.tracked_pointer_tags.contains(&new_tag) {
+                register_diagnostic(NonHaltingDiagnostic::CreatedPointerTag(
+                    new_tag.0,
+                    Some((alloc_id, alloc_range(base_offset, size))),
+                ));
+            }
+            drop(global); // don't hold that reference any longer than we have to
+
+            // The SB history tracking needs a parent tag, so skip if we come from a wildcard.
             let SbTagExtra::Concrete(orig_tag) = orig_tag else {
                 // FIXME: should we log this?
                 return Ok(())
             };
+
             let extra = this.get_alloc_extra(alloc_id)?;
             let mut stacked_borrows = extra
                 .stacked_borrows
@@ -850,6 +863,7 @@ trait EvalContextPrivExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                 return Ok(Some(alloc_id));
             }
             // This pointer doesn't come with an AllocId. :shrug:
+            register_diagnostic(NonHaltingDiagnostic::CreatedPointerTag(new_tag.0, None));
             return Ok(None);
         }
         let (alloc_id, base_offset, orig_tag) = this.ptr_get_alloc_id(place.ptr)?;
