The bug is detected by miri when it runs the testcase tlsf_alloc in this repo.
error: Undefined Behavior: trying to retag from <137215> for Unique permission at alloc42525[0x7ffffe0], but that tag does not exist in the borrow stack for this location
--> /home/runner/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/non_null.rs:482:18
|
482 | unsafe { &mut *self.as_ptr() }
| ^^^^^^^^^^^^^^^^^^^ this error occurs as part of retag at alloc42525[0x7ffffe0..0x7fffff0]
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information
help: <137215> was created by a SharedReadOnly retag at offsets [0x0..0x10]
--> /tmp/os-checker-plugin-cargo/arceos-org/allocator/src/tlsf.rs:41:13
|
41 | / self.inner
42 | | .insert_free_block_ptr(NonNull::new(pool).unwrap())
| |___________________________________________________________________^
= note: BACKTRACE (of the first span) on thread `tlsf_alloc`:
= note: inside `std::ptr::NonNull::<rlsf::tlsf::UsedBlockHdr>::as_mut::<'_>` at /home/runner/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/non_null.rs:482:18: 482:37
= note: inside `rlsf::tlsf::Tlsf::<'_, u32, u32, 28, 32>::insert_free_block_ptr_aligned` at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rlsf-0.2.1/src/tlsf.rs:527:13: 527:36
= note: inside `rlsf::tlsf::Tlsf::<'_, u32, u32, 28, 32>::insert_free_block_ptr` at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rlsf-0.2.1/src/tlsf.rs:480:24: 482:11
note: inside `<allocator::TlsfByteAllocator as allocator::BaseAllocator>::init`
--> /tmp/os-checker-plugin-cargo/arceos-org/allocator/src/tlsf.rs:41:13
|
41 | / self.inner
42 | | .insert_free_block_ptr(NonNull::new(pool).unwrap())
| |___________________________________________________________________^
note: inside `allocator::AllocatorRc::<allocator::TlsfByteAllocator>::new`
--> /tmp/os-checker-plugin-cargo/arceos-org/allocator/src/lib.rs:183:13
|
183 | inner.init(pool.as_mut_ptr() as usize, pool.len());
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: inside closure
--> tests/allocator.rs:136:21
|
136 | let alloc = AllocatorRc::new(TlsfByteAllocator::new(), pool);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: inside `run_test::<{closure@tests/allocator.rs:135:14: 135:20}>`
--> tests/allocator.rs:92:5
|
92 | f(pool);
| ^^^^^^^
note: inside `tlsf_alloc`
--> tests/allocator.rs:135:5
|
135 | / run_test(|pool| {
136 | | let alloc = AllocatorRc::new(TlsfByteAllocator::new(), pool);
137 | | test_alignment(50, &alloc);
138 | | test_vec(3_000_000, &alloc);
... |
141 | | test_btree_map(50_000, &alloc);
142 | | })
| |______^
note: inside closure
--> tests/allocator.rs:134:16
|
133 | #[test]
| ------- in this attribute macro expansion
134 | fn tlsf_alloc() {
| ^See what I wrote in here.
cc
The bug is detected by miri when it runs the testcase tlsf_alloc in this repo.
See what I wrote in here.
cc