@@ -258,33 +258,12 @@ up the sysroot. If you are using `miri` (the Miri driver) directly, see the
258258[miri-flags] : # miri--z-flags-and-environment-variables
259259
260260Miri adds its own set of `-Z` flags, which are usually set via the `MIRIFLAGS`
261- environment variable. Some of these are **unsound**, which means they can lead
262- to Miri failing to detect cases of undefined behavior in a program.
261+ environment variable. We first document the most relevant and most commonly used flags :
263262
264- * `-Zmiri-check-number-validity` enables checking of integer and float validity
265- (e.g., they must be initialized and not carry pointer provenance) as part of
266- enforcing validity invariants. This has no effect when
267- ` -Zmiri-disable-validation` is present.
268263* `-Zmiri-compare-exchange-weak-failure-rate=<rate>` changes the failure rate of
269264 ` compare_exchange_weak` operations. The default is `0.8` (so 4 out of 5 weak ops will fail).
270265 You can change it to any value between `0.0` and `1.0`, where `1.0` means it
271266 will always fail and `0.0` means it will never fail.
272- * `-Zmiri-disable-abi-check` disables checking [function ABI]. Using this flag
273- is **unsound**.
274- * `-Zmiri-disable-alignment-check` disables checking pointer alignment, so you
275- can focus on other failures, but it means Miri can miss bugs in your program.
276- Using this flag is **unsound**.
277- * `-Zmiri-disable-data-race-detector` disables checking for data races. Using
278- this flag is **unsound**.
279- * `-Zmiri-disable-stacked-borrows` disables checking the experimental
280- [Stacked Borrows] aliasing rules. This can make Miri run faster, but it also
281- means no aliasing violations will be detected. Using this flag is **unsound**
282- (but the affected soundness rules are experimental).
283- * `-Zmiri-disable-validation` disables enforcing validity invariants, which are
284- enforced by default. This is mostly useful to focus on other failures (such
285- as out-of-bounds accesses) first. Setting this flag means Miri can miss bugs
286- in your program. However, this can also help to make Miri run faster. Using
287- this flag is **unsound**.
288267* `-Zmiri-disable-isolation` disables host isolation. As a consequence,
289268 the program has access to host resources such as environment variables, file
290269 systems, and randomness.
@@ -299,12 +278,50 @@ to Miri failing to detect cases of undefined behavior in a program.
299278 cannot be accessed by the program. Can be used multiple times to exclude several variables. The
300279 ` TERM` environment variable is excluded by default to [speed up the test
301280 harness](https://github.com/rust-lang/miri/issues/1702). This has no effect unless
302- ` -Zmiri-disable-validation ` is also set.
281+ ` -Zmiri-disable-isolation ` is also set.
303282* `-Zmiri-env-forward=<var>` forwards the `var` environment variable to the interpreted program. Can
304283 be used multiple times to forward several variables. This has no effect if
305- ` -Zmiri-disable-validation ` is set.
284+ ` -Zmiri-disable-isolation ` is set.
306285* `-Zmiri-ignore-leaks` disables the memory leak checker, and also allows some
307286 remaining threads to exist when the main thread exits.
287+ * `-Zmiri-seed=<hex>` configures the seed of the RNG that Miri uses to resolve
288+ non-determinism. This RNG is used to pick base addresses for allocations. When
289+ isolation is enabled (the default), this is also used to emulate system
290+ entropy. The default seed is 0. You can increase test coverage by running Miri
291+ multiple times with different seeds.
292+ **NOTE**: This entropy is not good enough for cryptographic use! Do not
293+ generate secret keys in Miri or perform other kinds of cryptographic
294+ operations that rely on proper random numbers.
295+ * `-Zmiri-strict-provenance` enables [strict
296+ provenance](https://github.com/rust-lang/rust/issues/95228) checking in Miri. This means that
297+ casting an integer to a pointer yields a result with 'invalid' provenance, i.e., with provenance
298+ that cannot be used for any memory access. Also implies `-Zmiri-tag-raw-pointers` and
299+ ` -Zmiri-check-number-validity` .
300+
301+ The remaining flags are for advanced use only, and more likely to change or be removed.
302+ Some of these are **unsound**, which means they can lead
303+ to Miri failing to detect cases of undefined behavior in a program.
304+
305+ * `-Zmiri-check-number-validity` enables checking of integer and float validity
306+ (e.g., they must be initialized and not carry pointer provenance) as part of
307+ enforcing validity invariants. This has no effect when
308+ ` -Zmiri-disable-validation` is present.
309+ * `-Zmiri-disable-abi-check` disables checking [function ABI]. Using this flag
310+ is **unsound**.
311+ * `-Zmiri-disable-alignment-check` disables checking pointer alignment, so you
312+ can focus on other failures, but it means Miri can miss bugs in your program.
313+ Using this flag is **unsound**.
314+ * `-Zmiri-disable-data-race-detector` disables checking for data races. Using
315+ this flag is **unsound**.
316+ * `-Zmiri-disable-stacked-borrows` disables checking the experimental
317+ [Stacked Borrows] aliasing rules. This can make Miri run faster, but it also
318+ means no aliasing violations will be detected. Using this flag is **unsound**
319+ (but the affected soundness rules are experimental).
320+ * `-Zmiri-disable-validation` disables enforcing validity invariants, which are
321+ enforced by default. This is mostly useful to focus on other failures (such
322+ as out-of-bounds accesses) first. Setting this flag means Miri can miss bugs
323+ in your program. However, this can also help to make Miri run faster. Using
324+ this flag is **unsound**.
308325* `-Zmiri-measureme=<name>` enables `measureme` profiling for the interpreted program.
309326 This can be used to find which parts of your program are executing slowly under Miri.
310327 The profile is written out to a file with the prefix `<name>`, and can be processed
@@ -329,17 +346,6 @@ to Miri failing to detect cases of undefined behavior in a program.
329346 memory/pointers which is subject to these operations. Also note that this flag
330347 is currently incompatible with Stacked Borrows, so you will have to also pass
331348 ` -Zmiri-disable-stacked-borrows` to use this.
332- * `-Zmiri-seed=<hex>` configures the seed of the RNG that Miri uses to resolve
333- non-determinism. This RNG is used to pick base addresses for allocations.
334- When isolation is enabled (the default), this is also used to emulate system
335- entropy. The default seed is 0. **NOTE** : This entropy is not good enough
336- for cryptographic use! Do not generate secret keys in Miri or perform other
337- kinds of cryptographic operations that rely on proper random numbers.
338- * `-Zmiri-strict-provenance` enables [strict
339- provenance](https://github.com/rust-lang/rust/issues/95228) checking in Miri. This means that
340- casting an integer to a pointer yields a result with 'invalid' provenance, i.e., with provenance
341- that cannot be used for any memory access. Also implies `-Zmiri-tag-raw-pointers` and
342- ` -Zmiri-check-number-validity` .
343349* `-Zmiri-symbolic-alignment-check` makes the alignment check more strict. By
344350 default, alignment is checked by casting the pointer to an integer, and making
345351 sure that is a multiple of the alignment. This can lead to cases where a
0 commit comments