epoll test: further clean up check_epoll_wait
Given that `check_epoll_wait` compared the length of the two slices, I don't think it was possible for it to ever return `false`. It's also strange to have some requirements checked inside the function and some checked by the caller, so let's just move it all inside the function.
Cc `@tiif` -- did I miss anything?
add 'project' process guidlines for larger contributions
Fixes https://github.com/rust-lang/miri/issues/3443
I am honestly not entirely sure what the consensus from what issue was. I feel like the epoll PR worked reasonably well, and not having been closely involved I am not sure which process `@oli-obk` followed there. Compared to the first draft in #3443 I tried to make this less formal and framed more as guidelines than hard rules.
FD: remove big surrounding RefCell, simplify socketpair
A while ago, I added the big implicit RefCell for all file descriptions since it avoided interior mutability in `eventfd`. However, this requires us to hold the RefCell "lock" around the entire invocation of the `read`/`write` methods on an FD, which is not great. For instance, if an FD wants to update epoll notifications from inside its `read`/`write`, it is very crucial that the notification check does not end up accessing the FD itself. Such cycles, however, occur naturally:
- eventfd wants to update notifications for itself
- socketfd wants to update notifications on its "peer", which will in turn check *its* peer to see whether that buffer is empty -- and my peer's peer is myself.
This then also lets us simplify socketpair, which currently holds a weak reference to its peer *and* a weak reference to the peer's buffer -- that was previously needed precisely to avoid this issue.
Make unused states of Reserved unrepresentable
In the [previous TB update](https://github.com/rust-lang/miri/pull/3742) we discovered that the existence of `Reserved + !ty_is_freeze + protected` is undesirable.
This has the side effect of making `Reserved { conflicted: true, ty_is_freeze: false }` unreachable.
As such it is desirable that this state would also be unrepresentable.
This PR eliminates the unused configuration by changing
```rs
enum PermissionPriv {
Reserved { ty_is_freeze: bool, conflicted: bool },
...
}
```
into
```rs
enum PermissionPriv {
ReservedFrz { conflicted: bool },
ReservedIM,
...
}
```
but this is not the only solution and `Reserved(Activable | Conflicted | InteriorMut)` could be discussed.
In addition to making the unreachable state not representable anymore, this change has the nice side effect of enabling `foreign_read` to no longer depend explicitly on the `protected` flag.
Currently waiting for
- `@JoJoDeveloping` to confirm that this is the same representation of `Reserved` as what is being implemented in simuliris,
- `@RalfJung` to approve that this does not introduce too much overhead in the trusted codebase.
Implement epoll shim
This PR:
- implemented non-blocking ``epoll`` for #3448 . The design for this PR is documented in https://hackmd.io/`@tiif/SJatftrH0` .
- renamed FileDescriptor to FileDescriptionRef
- assigned an ID to every file description
Borrow tracking: remove the concept of a call ID
Turns out this is not needed any more ever since we started tracking the `protected_tags` list in the per-frame state.
Also thanks to `@JoJoDeveloping` for inspiring me to even consider this possibility. :)
miri: make vtable addresses not globally unique
Miri currently gives vtables a unique global address. That's not actually matching reality though. So this PR enables Miri to generate different addresses for the same type-trait pair.
To avoid generating an unbounded number of `AllocId` (and consuming unbounded amounts of memory), we use the "salt" technique that we also already use for giving constants non-unique addresses: the cache is keyed on a "salt" value n top of the actually relevant key, and Miri picks a random salt (currently in the range `0..16`) each time it needs to choose an `AllocId` for one of these globals -- that means we'll get up to 16 different addresses for each vtable. The salt scheme is integrated into the global allocation deduplication logic in `tcx`, and also used for functions and string literals. (So this also fixes the problem that casting the same function to a fn ptr over and over will consume unbounded memory.)
r? `@saethlin`
Fixes https://github.com/rust-lang/miri/issues/3737
