Environ shim

[pvdrz]

The Rust side of this is at rust-lang/rust#68259

Makes progress towards #756

r? @RalfJung

[oli-obk]

Suggested change

	// Put each environment variable pointer in `EnvVars`, collect pointers.
	// Put each environment variable pointer in `EnvVars`, collect pointers.

[oli-obk]

Since this should not be called twice, you can use

Suggested change

	memory_extra.environ.as_ref().unwrap().clone()
	memory_extra.environ.take().unwrap()

[pvdrz]

Hmm but then what should happen if you set another variable? I haven't thought about that part yet

[oli-obk]

^^ that is handled by miri. You only need to provide the initial value here, afterwards you have a perfectly viable mutable allocation.

[pvdrz]

what do you mean? shouldn't we need to update environ every time (un)setenv is called?

[oli-obk]

I gotta run, so just an excercise and no explanation: go up the call stack from here (you will have to go up a few call frames into the miri engine in rustc) and check out what happens with your allocation and why this code is even triggered.

[RalfJung]

Also see https://doc.rust-lang.org/nightly/nightly-rustc/rustc_mir/interpret/trait.Machine.html#tymethod.find_foreign_static: this function is only called the first time a foreign static is accessed.

@oli-obk I wonder... would it make sense to expand/change the find_foreign_static type so that it can/must return an AllocId? Having to actually return the allocation here is a bit annoying for environ.

[oli-obk]

That would mean we'd end up with two AllocIds for the same allocation. I guess that happens anyway for immutable statics and the initial value of mutable statics, unsure. Maybe we should rather pass in the AllocId and require find_foreign_static to put the allocation into Memory at that alloc id. We'd need an allocate_with(AllocId, ...) function, but then everything else could just work as intended without creating confusing situations.

[RalfJung]

Hm... we could pull the same trick as with "normal" statics, and treat one AllocId as "hidden"? We have two AllocId there and it's working...

I don't think allocate_with(alloc_id) will work; we cannot change what that ID maps to in the global tcx store as that's immutable -- right?

[oli-obk]

All non interned allocations need to be in the memory's alloc_map, which is the first thing that is always queried. If there's an entry there, no further code is looked at. Theoretically we could proactively insert that allocation at memory creation time instead of the current "lazy" (it's just lazily inserting, the creation is eager) scheme.

[pvdrz]

The main problem with this (using Option::take) is that we would need &mut MemoryExtra as a parameter and that would require changing a lot of code. Maybe we can add interior mutability to that field instead?

[oli-obk]

Won't this prevent later uses of set_env?

[RalfJung]

I guess the question is, do we try to be smart and recycle those lists, or do we just allocate a new one on each change?

But either way, we'll have to construct such a list multiple times -- so it probably should have its own function.

[oli-obk]

This is suboptimal as the allocation will be left in Memory forever even if it's never going to get used. I'm not sure if this is feasible, but you may be able to create the alloc with Allocation::undef(size, align) and then write to it directly instead of going through all the extra accessors above.

[RalfJung]

Having the allocation last forever makes sense to me, it's a static after all.

We'll also need to update this allocation when the environment changes (whenever environ_place above gets reallocated).

[RalfJung]

That's some odd formatting... either all arguments should be on one line, or they should all have their own line.

[pvdrz]

yes, I have rustfmt disabled to avoid huge diffs. I'll do the formatting when I have a more concise PR

[RalfJung]

There are two allocations whose lifecycle we'll have to manage:

• One for the list of pointers to individual environment variables. Let's call this environ_list. I propose the EnvVars struct keeps track of the latest allocation, and it should get a method to update that list which will kill the old allocation and create a new one.
• And one for the pointer to the latest list -- this is the static itself. Let's call this environ_ptr. find_foreign_static will be called exactly once to allocate this. Can we make the environ_list update function construct a suitable DefId so that it can just do Memory::get_mut for this allocation, and implicitly benefit from the fact that only the first call will end up in find_foreign_static? That would be the most elegant way, I think.

[pvdrz]

There are two allocations whose lifecycle we'll have to manage:

* One for the list of pointers to individual environment variables. Let's call this `environ_list`. I propose the `EnvVars` struct keeps track of the latest allocation, and it should get a method to update that list which will kill the old allocation and create a new one.

I can implement that quickly. I'll add an update_list method to regenerate the whole environ_list and I'll call it every time we add/remove a variable.

* And one for the pointer to the latest list -- this is the static itself. Let's call this `environ_ptr`. `find_foreign_static` will be called exactly once to allocate this. Can we make the `environ_list` update function construct a suitable `DefId` so that it can just do `Memory::get_mut` for this allocation, and implicitly benefit from the fact that only the first call will end up in `find_foreign_static`? That would be the most elegant way, I think.

I got a little lost so let me see if I understood correctly: you want to preserve the same AllocId and just change its allocation when calling update_list?

On the other hand what's blocking this from compiling is that the resulting allocation will have tags and extra but find_foreign_static should return an untagged allocation, and just trying to fix Memory to use the tagged allocation fails at runtime (I did a rebase so I cannot show you the error right now :( ). Maybe I could add a method to untag an allocation?

[RalfJung]

Maybe I could add a method to untag an allocation?

That sounds very wrong. find_foreign_static is supposed to return the initial content of that allocation, it is never called more than once per allocation. Maybe init_foreign_static would be a better name.

I got a little lost so let me see if I understood correctly: you want to preserve the same AllocId and just change its allocation when calling update_list?

The environ_ptr AllocId stays the same -- it has to. The environ_list AllocId does not. Each time update_list gets called, a new allocation is created with the new list, and a ptr to that allocation has to be written to some well-known location so that anyone can find it -- that location is environ_ptr (the storage backing the environ static).

The annoying and tricky part is that with the current structure, we have a phase separation: there's "before find_foreign_static gets called for environ" and "after find_foreign_static got called". That's what makes things messy. So the best thing would be if we could get rid of that phase separation, by calling it ourselves when initializing the env stuff.

@oli-obk is there any way we can determine the AllocId of the extern static named environ, somehow? Then we could just access that in update_list.

[oli-obk]

@oli-obk is there any way we can determine the AllocId of the extern static named environ, somehow?

yes, you call tcx.alloc_map.lock().create_static_alloc(def_id) (https://doc.rust-lang.org/nightly/nightly-rustc/rustc/mir/interpret/struct.AllocMap.html#method.create_static_alloc) which gives you the AllocId (and creates it if it didn't exist yet).

[oli-obk]

oh wait, that is naming

sorry I misread.. No this is something miri has to do on its own.

[pvdrz]

Maybe I could add a method to untag an allocation?

That sounds very wrong. find_foreign_static is supposed to return the initial content of that allocation, it is never called more than once per allocation. Maybe init_foreign_static would be a better name.

I rewrote find_foreign_static to do the initialization for __cxa_thread_atexit_impl, that required adding the AllocId as a parameter. Now miri is panicking running every single test, idk if this is my fault or not

stacktrace

[RalfJung]

Note: when inserting long text, please make it foldable with something like

<details><summary>TITLE HERE</summary>

long text here

</details>

"long text" can be wrapped in ``` if you make sure to leave the empty lines before and after it.

---

I rewrote find_foreign_static to do the initialization for __cxa_thread_atexit_impl

I don't follow, what is there to initialize? It's all NULL, isn't it?

---

@oli-obk I don't think our current scheme can work unless we have a way to access an extern static by link_name (and all alternatvies I can come up with are awful). So it'd be worth finding this out for sure.

To use create_static_alloc, we need to create a DefId for an extern static by name. It seems like that's only possible if the extern static is actually imported anywhere in the program, and then we have to reference it by its Rust path? For environ that could actually work, but in general this is a serious limitation.

Also what happens when there are multiple extern static with the same link_name, wouldn't we treat those as distinct globals in Miri which seems wrong?

[pvdrz]

I don't follow, what is there to initialize? It's all NULL, isn't it?

Yes but the static needs to be tagged properly.

[oli-obk]

We need some sort of name to alloc ID map in the memory extradata, I see no way around that. find_foreign_static could fill that in lazily

[RalfJung]

But even with something like that, Miri would treat two different imports of the same extern static as having different addresses...
Well, address equality is a mess anyway, so maybe that's okay for a start.

Okay so the plan then would be for find_foreign_static, instead of returning an Allocation, to return an AllocId -- right? But, looking at get_static_alloc and the surrounding code, I still don't see how we can make multiple different DefId all refer to the same allocation...

[oli-obk]

Hmmm... ok now I see what you mean. I guess we could make create_static_alloc check for foreign items and add a second hash map that is based on names, but I'm not sure how that would work cross crate.

While we could create a scheme similar to lang items, that feels a lot like overkill

[RalfJung]

I don't see how that would even help. We need multiple entries in memory's MemoryMap to point to the same Allocation, which is just not representible currently.

Or we say that we just don't support programs that import the same extern static at multiple places. But even then we need to rework some things -- as @christianpoveda learned the hard way, the current setup means that the initial value of an "extern static" cannot contain pointers, as it is untagged and gets retrofitted with default tags outside of the Machine's control.

Or we need an indirection that "canonicalizes" the AllocId before doing the lookup... I first thought this was crazy but it might not be so bad after all; in particular this would make a great machine hook! So I think that would be my proposal, actually:

• Add a canonical_alloc_id function to the machine hook (that roughly takes an AllocId and returns an AllocId, with the default impl being the identity function), and remove find_foreign_static.
• In Miri, implement canonicalization as follows: if the AllocId is an extern static, do a lookup it a HashMap that we keep to figure out the canonical AllocId for this static. We can fill that HashMap either eagerly on machine startup or lazily, I am not sure what is best.

[RalfJung]

@oli-obk gave 👍, so I guess we can go ahead with this plan.

@christianpoveda do you want to do that? If you have questions about the proposal just ask. :)

[pvdrz]

I have a lot of questions but I'll do them when I have played with this a little bit. Sounds good to me :P

[RalfJung]

@christianpoveda I am going to implement what I proposed above; I got some time this week-end.

[RalfJung]

Once rust-lang/rust#69408 lands, this should be unblocked. :)

[RalfJung]

@christianpoveda okay, the groundwork is laid. You should now be able to allocate environ_ptr in env.rs initialization and then in init_extern_statics add it to the extern_static map.

[pvdrz]

Ok let me rebase this thing to get it working

Edit: Actually it might be easier to do a new PR, I'll be back soon.