fix(miri): Resolve Miri's concerns around unsafe code (#197)

Author: nathanwhit

.github/workflows/ci.yml

@@ -45,6 +45,24 @@ jobs:
       - name: Run tests
         run: cargo test --all --verbose --features fancy
 
+  miri:
+    name: Miri
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v1
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+          components: miri,rust-src
+          override: true
+      - name: Run tests with miri
+        env:
+          MIRIFLAGS: -Zmiri-disable-isolation -Zmiri-strict-provenance
+        run: cargo miri test --all --verbose --features fancy
+
   minimal_versions:
     name: Minimal versions check
     runs-on: ${{ matrix.os }}

src/eyreish/context.rs

@@ -1,4 +1,4 @@
-use super::error::ContextError;
+use super::error::{ContextError, ErrorImpl};
 use super::{Report, WrapErr};
 use core::fmt::{self, Debug, Display, Write};
 
@@ -116,7 +116,7 @@ where
     D: Display,
 {
     fn source(&self) -> Option<&(dyn StdError + 'static)> {
-        Some(self.error.inner.error())
+        unsafe { Some(ErrorImpl::error(self.error.inner.by_ref())) }
     }
 }
 
@@ -159,23 +159,23 @@ where
     D: Display,
 {
     fn code<'a>(&'a self) -> Option<Box<dyn Display + 'a>> {
-        self.error.inner.diagnostic().code()
+        unsafe { ErrorImpl::diagnostic(self.error.inner.by_ref()).code() }
     }
 
     fn severity(&self) -> Option<crate::Severity> {
-        self.error.inner.diagnostic().severity()
+        unsafe { ErrorImpl::diagnostic(self.error.inner.by_ref()).severity() }
     }
 
     fn help<'a>(&'a self) -> Option<Box<dyn Display + 'a>> {
-        self.error.inner.diagnostic().help()
+        unsafe { ErrorImpl::diagnostic(self.error.inner.by_ref()).help() }
     }
 
     fn url<'a>(&'a self) -> Option<Box<dyn Display + 'a>> {
-        self.error.inner.diagnostic().url()
+        unsafe { ErrorImpl::diagnostic(self.error.inner.by_ref()).url() }
     }
 
     fn labels<'a>(&'a self) -> Option<Box<dyn Iterator<Item = LabeledSpan> + 'a>> {
-        self.error.inner.diagnostic().labels()
+        unsafe { ErrorImpl::diagnostic(self.error.inner.by_ref()).labels() }
     }
 
     fn source_code(&self) -> Option<&dyn crate::SourceCode> {

src/eyreish/error.rs

@@ -1,18 +1,20 @@
-use super::error::ErrorImpl;
+use super::{error::ErrorImpl, ptr::Ref};
 use core::fmt;
 
 impl ErrorImpl<()> {
-    pub(crate) fn display(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        self.handler
+    pub(crate) unsafe fn display(this: Ref<'_, Self>, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        this.deref()
+            .handler
             .as_ref()
-            .map(|handler| handler.display(self.error(), f))
-            .unwrap_or_else(|| core::fmt::Display::fmt(self.diagnostic(), f))
+            .map(|handler| handler.display(Self::error(this), f))
+            .unwrap_or_else(|| core::fmt::Display::fmt(Self::diagnostic(this), f))
     }
 
-    pub(crate) fn debug(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        self.handler
+    pub(crate) unsafe fn debug(this: Ref<'_, Self>, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        this.deref()
+            .handler
             .as_ref()
-            .map(|handler| handler.debug(self.diagnostic(), f))
-            .unwrap_or_else(|| core::fmt::Debug::fmt(self.diagnostic(), f))
+            .map(|handler| handler.debug(Self::diagnostic(this), f))
+            .unwrap_or_else(|| core::fmt::Debug::fmt(Self::diagnostic(this), f))
     }
 }

src/eyreish/fmt.rs

@@ -5,7 +5,6 @@
     clippy::wrong_self_convention
 )]
 use core::fmt::Display;
-use core::mem::ManuallyDrop;
 
 use std::error::Error as StdError;
 
@@ -34,12 +33,15 @@ use crate::MietteHandler;
 
 use error::ErrorImpl;
 
+use self::ptr::Own;
+
 mod context;
 mod error;
 mod fmt;
 mod into_diagnostic;
 mod kind;
 mod macros;
+mod ptr;
 mod wrapper;
 
 /**
@@ -50,9 +52,12 @@ Core Diagnostic wrapper type.
 You can just replace `use`s of `eyre::Report` with `miette::Report`.
 */
 pub struct Report {
-    inner: ManuallyDrop<Box<ErrorImpl<()>>>,
+    inner: Own<ErrorImpl<()>>,
 }
 
+unsafe impl Sync for Report {}
+unsafe impl Send for Report {}
+
 ///
 pub type ErrorHook =
     Box<dyn Fn(&(dyn Diagnostic + 'static)) -> Box<dyn ReportHandler> + Sync + Send + 'static>;

src/eyreish/mod.rs

@@ -0,0 +1,188 @@
+use std::{marker::PhantomData, ptr::NonNull};
+
+#[repr(transparent)]
+/// A raw pointer that owns its pointee
+pub(crate) struct Own<T>
+where
+    T: ?Sized,
+{
+    pub(crate) ptr: NonNull<T>,
+}
+
+unsafe impl<T> Send for Own<T> where T: ?Sized {}
+unsafe impl<T> Sync for Own<T> where T: ?Sized {}
+
+impl<T> Copy for Own<T> where T: ?Sized {}
+
+impl<T> Clone for Own<T>
+where
+    T: ?Sized,
+{
+    fn clone(&self) -> Self {
+        *self
+    }
+}
+
+impl<T> Own<T>
+where
+    T: ?Sized,
+{
+    pub(crate) fn new(ptr: Box<T>) -> Self {
+        Own {
+            ptr: unsafe { NonNull::new_unchecked(Box::into_raw(ptr)) },
+        }
+    }
+
+    pub(crate) fn cast<U: CastTo>(self) -> Own<U::Target> {
+        Own {
+            ptr: self.ptr.cast(),
+        }
+    }
+
+    pub(crate) unsafe fn boxed(self) -> Box<T> {
+        Box::from_raw(self.ptr.as_ptr())
+    }
+
+    pub(crate) fn by_ref<'a>(&self) -> Ref<'a, T> {
+        Ref {
+            ptr: self.ptr,
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) fn by_mut<'a>(self) -> Mut<'a, T> {
+        Mut {
+            ptr: self.ptr,
+            lifetime: PhantomData,
+        }
+    }
+}
+
+#[allow(explicit_outlives_requirements)]
+#[repr(transparent)]
+/// A raw pointer that represents a shared borrow of its pointee
+pub(crate) struct Ref<'a, T>
+where
+    T: ?Sized,
+{
+    pub(crate) ptr: NonNull<T>,
+    lifetime: PhantomData<&'a T>,
+}
+
+impl<'a, T> Copy for Ref<'a, T> where T: ?Sized {}
+
+impl<'a, T> Clone for Ref<'a, T>
+where
+    T: ?Sized,
+{
+    fn clone(&self) -> Self {
+        *self
+    }
+}
+
+impl<'a, T> Ref<'a, T>
+where
+    T: ?Sized,
+{
+    pub(crate) fn new(ptr: &'a T) -> Self {
+        Ref {
+            ptr: NonNull::from(ptr),
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) fn from_raw(ptr: NonNull<T>) -> Self {
+        Ref {
+            ptr,
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) fn cast<U: CastTo>(self) -> Ref<'a, U::Target> {
+        Ref {
+            ptr: self.ptr.cast(),
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) fn by_mut(self) -> Mut<'a, T> {
+        Mut {
+            ptr: self.ptr,
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) fn as_ptr(self) -> *const T {
+        self.ptr.as_ptr() as *const T
+    }
+
+    pub(crate) unsafe fn deref(self) -> &'a T {
+        &*self.ptr.as_ptr()
+    }
+}
+
+#[allow(explicit_outlives_requirements)]
+#[repr(transparent)]
+/// A raw pointer that represents a unique borrow of its pointee
+pub(crate) struct Mut<'a, T>
+where
+    T: ?Sized,
+{
+    pub(crate) ptr: NonNull<T>,
+    lifetime: PhantomData<&'a mut T>,
+}
+
+impl<'a, T> Copy for Mut<'a, T> where T: ?Sized {}
+
+impl<'a, T> Clone for Mut<'a, T>
+where
+    T: ?Sized,
+{
+    fn clone(&self) -> Self {
+        *self
+    }
+}
+
+impl<'a, T> Mut<'a, T>
+where
+    T: ?Sized,
+{
+    pub(crate) fn cast<U: CastTo>(self) -> Mut<'a, U::Target> {
+        Mut {
+            ptr: self.ptr.cast(),
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) fn by_ref(self) -> Ref<'a, T> {
+        Ref {
+            ptr: self.ptr,
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) fn extend<'b>(self) -> Mut<'b, T> {
+        Mut {
+            ptr: self.ptr,
+            lifetime: PhantomData,
+        }
+    }
+
+    pub(crate) unsafe fn deref_mut(self) -> &'a mut T {
+        &mut *self.ptr.as_ptr()
+    }
+}
+
+impl<'a, T> Mut<'a, T> {
+    pub(crate) unsafe fn read(self) -> T {
+        self.ptr.as_ptr().read()
+    }
+}
+
+pub(crate) trait CastTo {
+    type Target;
+}
+
+impl<T> CastTo for T {
+    type Target = T;
+}

src/eyreish/ptr.rs

@@ -261,6 +261,7 @@ impl MietteHandlerOpts {
         }
     }
 
+    #[cfg(not(miri))]
     pub(crate) fn get_width(&self) -> usize {
         self.width.unwrap_or_else(|| {
             terminal_size::terminal_size()
@@ -269,6 +270,14 @@ impl MietteHandlerOpts {
                  .0 as usize
         })
     }
+
+    #[cfg(miri)]
+    // miri doesn't support a syscall (specifically ioctl)
+    // performed by terminal_size, which causes test execution to fail
+    // so when miri is running we'll just fallback to a constant
+    pub(crate) fn get_width(&self) -> usize {
+        self.width.unwrap_or(80)
+    }
 }
 
 /**

src/handler.rs

@@ -73,7 +73,7 @@ fn context_info<'a>(
     }
 
     if offset >= (span.offset() + span.len()).saturating_sub(1) {
-        let starting_offset = before_lines_starts.get(0).copied().unwrap_or_else(|| {
+        let starting_offset = before_lines_starts.first().copied().unwrap_or_else(|| {
             if context_lines_before == 0 {
                 span.offset()
             } else {

src/source_impls.rs

@@ -1,4 +1,5 @@
 #[rustversion::attr(not(nightly), ignore)]
+#[cfg_attr(miri, ignore)]
 #[test]
 fn ui() {
     let t = trybuild::TestCases::new();