use the UB-free version with proper alignment in Miri

rust-random · Apr 20, 2019 · f1d0419 · f1d0419
1 parent 1f6e599
commit f1d0419
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/rand_core/src/block.rs b/rand_core/src/block.rs
@@ -213,7 +213,9 @@ where <R as BlockRngCore>::Results: AsRef<[u32]> + AsMut<[u32]>
     // As an optimization we try to write directly into the output buffer.
     // This is only enabled for little-endian platforms where unaligned writes
     // are known to be safe and fast.
-    #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
+    // FIXME: This is UB. We disable it in Miri to paper over that, but really
+    // we should stop creating unaligned references.
+    #[cfg(all(not(miri), any(target_arch = "x86", target_arch = "x86_64")))]
     fn fill_bytes(&mut self, dest: &mut [u8]) {
         let mut filled = 0;
 
@@ -232,6 +234,7 @@ where <R as BlockRngCore>::Results: AsRef<[u32]> + AsMut<[u32]>
         let end_direct = dest.len() - len_remainder;
 
         while filled < end_direct {
+            // This reference is not aligned. Even just creating it is UB.
             let dest_u32: &mut R::Results = unsafe {
                 &mut *(dest[filled..].as_mut_ptr() as
                 *mut <R as BlockRngCore>::Results)
@@ -251,7 +254,7 @@ where <R as BlockRngCore>::Results: AsRef<[u32]> + AsMut<[u32]>
         }
     }
 
-    #[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))]
+    #[cfg(not(all(not(miri), any(target_arch = "x86", target_arch = "x86_64"))))]
     fn fill_bytes(&mut self, dest: &mut [u8]) {
         let mut read_len = 0;
         while read_len < dest.len() {
@@ -419,7 +422,9 @@ where <R as BlockRngCore>::Results: AsRef<[u64]> + AsMut<[u64]>
     // As an optimization we try to write directly into the output buffer.
     // This is only enabled for little-endian platforms where unaligned writes
     // are known to be safe and fast.
-    #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
+    // FIXME: This is UB. We disable it in Miri to paper over that, but really
+    // we should stop creating unaligned references.
+    #[cfg(all(not(miri), any(target_arch = "x86", target_arch = "x86_64")))]
     fn fill_bytes(&mut self, dest: &mut [u8]) {
         let mut filled = 0;
         self.half_used = false;
@@ -439,6 +444,7 @@ where <R as BlockRngCore>::Results: AsRef<[u64]> + AsMut<[u64]>
         let end_direct = dest.len() - len_remainder;
 
         while filled < end_direct {
+            // This reference is not aligned. Even just creating it is UB.
             let dest_u64: &mut R::Results = unsafe {
                 ::core::mem::transmute(dest[filled..].as_mut_ptr())
             };
@@ -457,7 +463,7 @@ where <R as BlockRngCore>::Results: AsRef<[u64]> + AsMut<[u64]>
         }
     }
 
-    #[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))]
+    #[cfg(not(all(not(miri), any(target_arch = "x86", target_arch = "x86_64"))))]
     fn fill_bytes(&mut self, dest: &mut [u8]) {
         let mut read_len = 0;
         self.half_used = false;