miri: make read_discriminant UB when the tag is not in the validity range of the tag field #153408

Merged
rust-bors[bot] merged 1 commit into rust-lang:main from RalfJung:tag-read-must-be-valid
Mar 11, 2026

@RalfJung RalfJung commented Mar 4, 2026

Arguably, reading an enum discriminant is an operation that uses the "type" of the discriminant field -- and therefore it should fail when the value in that field isn't valid at that type. Therefore, code like this should be UB:

fn main() {
    unsafe {
        let x = 12u8;
        let x_ptr: *const u8 = &x;
        let cast_ptr = x_ptr as *const Option<bool>;
        // Reading the discriminant should fail since the tag value is not in the valid
        // range for the tag field.
        let _val = matches!(*cast_ptr, None);
        //~^ ERROR: invalid tag
    }
}

However, Miri currently sees no UB here. (MiniRust does see UB.) This is because we never actually check whether the tag we read is in the validity range for its field. So let's add such a check, and a corresponding test.

In fact, we have to do this check, since the codegen backend adds range metadata on the discriminant load, as can be seen in this example. In other words, the above code has UB in LLVM IR but not in Miri, which is a critical Miri bug.
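
An added example, not code from this PR or from Miri: a checked way to turn an untrusted byte into an `Option<bool>`, rejecting any byte that is not the encoding of a valid value instead of reinterpreting it through a pointer cast. The names `InvalidTag`, `valid_encodings` and `decode_option_bool` are hypothetical, and the code assumes `Option<bool>` occupies one byte, which `transmute` enforces at compile time.

```rust
use std::mem::transmute;

/// Hypothetical error type: the byte is not the encoding of any valid `Option<bool>`.
#[derive(Debug, PartialEq)]
struct InvalidTag(u8);

/// Byte encoding of each valid `Option<bool>` value, observed at run time
/// rather than hard-coded, since the enum layout is chosen by the compiler.
/// Enum -> `u8` is the sound direction: every valid `Option<bool>` is a valid
/// `u8`, and `transmute` refuses to compile if the two sizes differ.
fn valid_encodings() -> [(u8, Option<bool>); 3] {
    [Some(false), Some(true), None]
        .map(|v| (unsafe { transmute::<Option<bool>, u8>(v) }, v))
}

/// Checked replacement for `*(ptr as *const Option<bool>)`: the byte is
/// compared against the valid encodings before any enum value is produced,
/// so an out-of-range tag becomes an error instead of undefined behaviour.
fn decode_option_bool(byte: u8) -> Result<Option<bool>, InvalidTag> {
    valid_encodings()
        .iter()
        .find(|(enc, _)| *enc == byte)
        .map(|(_, v)| *v)
        .ok_or(InvalidTag(byte))
}

fn main() {
    // Constructed sample inputs; 12 is the byte used in the PR description.
    for byte in [0u8, 1, 2, 12] {
        println!("{byte:>3} -> {:?}", decode_option_bool(byte));
    }
}
```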

rustbot commented Mar 4, 2026

The Miri subtree was changed

cc @rust-lang/miri

Some changes occurred to the CTFE machinery

cc @oli-obk, @lcnr

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Mar 4, 2026

rustbot commented Mar 4, 2026

r? @JohnTitor

rustbot has assigned @JohnTitor.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: compiler, mir
  • compiler, mir expanded to 69 candidates
  • Random selection from 16 candidates

@RalfJung RalfJung force-pushed the tag-read-must-be-valid branch from 4153e62 to b4b2429 Compare March 4, 2026 15:31

RalfJung commented Mar 4, 2026

r? @oli-obk

@rustbot rustbot assigned oli-obk and unassigned JohnTitor Mar 4, 2026

rustbot commented Mar 4, 2026

oli-obk is not on the review rotation at the moment.
They may take a while to respond.

@RalfJung RalfJung force-pushed the tag-read-must-be-valid branch 2 times, most recently from f2ff029 to afff350 Compare March 4, 2026 17:15
@RalfJung RalfJung force-pushed the tag-read-must-be-valid branch from afff350 to b840338 Compare March 5, 2026 11:09

@oli-obk oli-obk left a comment

rust-bors bot commented Mar 11, 2026

📌 Commit b840338 has been approved by oli-obk

It is now in the queue for this repository.

@rust-bors rust-bors bot added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Mar 11, 2026
rust-bors bot pushed a commit that referenced this pull request Mar 11, 2026
…uwer

Rollup of 4 pull requests

Successful merges:

 - #153072 (Allow merging all libcore/alloc doctests into a single binary)
 - #153408 (miri: make read_discriminant UB when the tag is not in the validity range of the tag field)
 - #153674 (Detect inherent method behind deref being shadowed by trait method)
 - #153689 (Eliminate `QueryLatchInfo`.)
@rust-bors rust-bors bot merged commit 5999ec3 into rust-lang:main Mar 11, 2026
11 checks passed
@rustbot rustbot added this to the 1.96.0 milestone Mar 11, 2026
github-actions bot pushed a commit to rust-lang/miri that referenced this pull request Mar 12, 2026
…uwer

Rollup of 4 pull requests

Successful merges:

 - rust-lang/rust#153072 (Allow merging all libcore/alloc doctests into a single binary)
 - rust-lang/rust#153408 (miri: make read_discriminant UB when the tag is not in the validity range of the tag field)
 - rust-lang/rust#153674 (Detect inherent method behind deref being shadowed by trait method)
 - rust-lang/rust#153689 (Eliminate `QueryLatchInfo`.)
@RalfJung RalfJung deleted the tag-read-must-be-valid branch March 12, 2026 07:55