rust-lang · royAmmerschuber · Oct 13, 2025 · Oct 19, 2025 · Oct 19, 2025 · Oct 26, 2025
diff --git a/Cargo.toml b/Cargo.toml
@@ -72,7 +72,7 @@ harness = false
 default = ["stack-cache", "native-lib"]
 genmc = ["dep:genmc-sys"]
 stack-cache = []
-stack-cache-consistency-check = ["stack-cache"]
+expensive-consistency-checks = ["stack-cache"]
 tracing = ["serde_json"]
 native-lib = ["dep:libffi", "dep:libloading", "dep:capstone", "dep:ipc-channel", "dep:nix", "dep:serde"]
 

diff --git a/src/bin/miri.rs b/src/bin/miri.rs
@@ -524,7 +524,6 @@ fn main() {
                 Some(BorrowTrackerMethod::TreeBorrows(TreeBorrowsParams {
                     precise_interior_mut: true,
                 }));
-            miri_config.provenance_mode = ProvenanceMode::Strict;
         } else if arg == "-Zmiri-tree-borrows-no-precise-interior-mut" {
             match &mut miri_config.borrow_tracker {
                 Some(BorrowTrackerMethod::TreeBorrows(params)) => {
@@ -720,17 +719,6 @@ fn main() {
             rustc_args.push(arg);
         }
     }
-    // Tree Borrows implies strict provenance, and is not compatible with native calls.
-    if matches!(miri_config.borrow_tracker, Some(BorrowTrackerMethod::TreeBorrows { .. })) {
-        if miri_config.provenance_mode != ProvenanceMode::Strict {
-            fatal_error!(
-                "Tree Borrows does not support integer-to-pointer casts, and hence requires strict provenance"
-            );
-        }
-        if !miri_config.native_lib.is_empty() {
-            fatal_error!("Tree Borrows is not compatible with calling native functions");
-        }
-    }
 
     // Native calls and strict provenance are not compatible.
     if !miri_config.native_lib.is_empty() && miri_config.provenance_mode == ProvenanceMode::Strict {

diff --git a/src/borrow_tracker/mod.rs b/src/borrow_tracker/mod.rs
@@ -365,6 +365,7 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
         let borrow_tracker = this.machine.borrow_tracker.as_ref().unwrap();
         // The body of this loop needs `borrow_tracker` immutably
         // so we can't move this code inside the following `end_call`.
+
         for (alloc_id, tag) in &frame
             .extra
             .borrow_tracker

diff --git a/src/borrow_tracker/stacked_borrows/stack.rs b/src/borrow_tracker/stacked_borrows/stack.rs
@@ -153,7 +153,7 @@ impl<'tcx> Stack {
     /// Panics if any of the caching mechanisms have broken,
     /// - The StackCache indices don't refer to the parallel items,
     /// - There are no Unique items outside of first_unique..last_unique
-    #[cfg(feature = "stack-cache-consistency-check")]
+    #[cfg(feature = "expensive-consistency-checks")]
     fn verify_cache_consistency(&self) {
         // Only a full cache needs to be valid. Also see the comments in find_granting_cache
         // and set_unknown_bottom.
@@ -197,7 +197,7 @@ impl<'tcx> Stack {
         tag: ProvenanceExtra,
         exposed_tags: &FxHashSet<BorTag>,
     ) -> Result<Option<usize>, ()> {
-        #[cfg(feature = "stack-cache-consistency-check")]
+        #[cfg(feature = "expensive-consistency-checks")]
         self.verify_cache_consistency();
 
         let ProvenanceExtra::Concrete(tag) = tag else {
@@ -334,7 +334,7 @@ impl<'tcx> Stack {
         // This primes the cache for the next access, which is almost always the just-added tag.
         self.cache.add(new_idx, new);
 
-        #[cfg(feature = "stack-cache-consistency-check")]
+        #[cfg(feature = "expensive-consistency-checks")]
         self.verify_cache_consistency();
     }
 
@@ -417,7 +417,7 @@ impl<'tcx> Stack {
             self.unique_range.end = self.unique_range.end.min(disable_start);
         }
 
-        #[cfg(feature = "stack-cache-consistency-check")]
+        #[cfg(feature = "expensive-consistency-checks")]
         self.verify_cache_consistency();
 
         interp_ok(())
@@ -472,7 +472,7 @@ impl<'tcx> Stack {
             self.unique_range = 0..0;
         }
 
-        #[cfg(feature = "stack-cache-consistency-check")]
+        #[cfg(feature = "expensive-consistency-checks")]
         self.verify_cache_consistency();
         interp_ok(())
     }

diff --git a/src/borrow_tracker/tree_borrows/diagnostics.rs b/src/borrow_tracker/tree_borrows/diagnostics.rs
@@ -291,9 +291,10 @@ pub(super) struct TbError<'node> {
     pub conflicting_info: &'node NodeDebugInfo,
     // What kind of access caused this error (read, write, reborrow, deallocation)
     pub access_cause: AccessCause,
-    /// Which tag the access that caused this error was made through, i.e.
+    /// Which tag if any the access that caused this error was made through, i.e.
     /// which tag was used to read/write/deallocate.
-    pub accessed_info: &'node NodeDebugInfo,
+    /// Not set on wildcard accesses.
+    pub accessed_info: Option<&'node NodeDebugInfo>,
 }
 
 impl TbError<'_> {
@@ -302,10 +303,12 @@ impl TbError<'_> {
         use TransitionError::*;
         let cause = self.access_cause;
         let accessed = self.accessed_info;
+        let accessed_str =
+            self.accessed_info.map(|v| format!("{v}")).unwrap_or_else(|| "wildcard".into());
         let conflicting = self.conflicting_info;
-        let accessed_is_conflicting = accessed.tag == conflicting.tag;
+        let accessed_is_conflicting = accessed.map(|a| a.tag == conflicting.tag).unwrap_or(false);
         let title = format!(
-            "{cause} through {accessed} at {alloc_id:?}[{offset:#x}] is forbidden",
+            "{cause} through {accessed_str} at {alloc_id:?}[{offset:#x}] is forbidden",
             alloc_id = self.alloc_id,
             offset = self.error_offset
         );
@@ -316,7 +319,7 @@ impl TbError<'_> {
                 let mut details = Vec::new();
                 if !accessed_is_conflicting {
                     details.push(format!(
-                        "the accessed tag {accessed} is a child of the conflicting tag {conflicting}"
+                        "the accessed tag {accessed_str} is a child of the conflicting tag {conflicting}"
                     ));
                 }
                 let access = cause.print_as_access(/* is_foreign */ false);
@@ -330,7 +333,7 @@ impl TbError<'_> {
                 let access = cause.print_as_access(/* is_foreign */ true);
                 let details = vec![
                     format!(
-                        "the accessed tag {accessed} is foreign to the {conflicting_tag_name} tag {conflicting} (i.e., it is not a child)"
+                        "the accessed tag {accessed_str} is foreign to the {conflicting_tag_name} tag {conflicting} (i.e., it is not a child)"
                     ),
                     format!(
                         "this {access} would cause the {conflicting_tag_name} tag {conflicting} (currently {before_disabled}) to become Disabled"
@@ -343,16 +346,18 @@ impl TbError<'_> {
                 let conflicting_tag_name = "strongly protected";
                 let details = vec![
                     format!(
-                        "the allocation of the accessed tag {accessed} also contains the {conflicting_tag_name} tag {conflicting}"
+                        "the allocation of the accessed tag {accessed_str} also contains the {conflicting_tag_name} tag {conflicting}"
                     ),
                     format!("the {conflicting_tag_name} tag {conflicting} disallows deallocations"),
                 ];
                 (title, details, conflicting_tag_name)
             }
         };
         let mut history = HistoryData::default();
-        if !accessed_is_conflicting {
-            history.extend(self.accessed_info.history.forget(), "accessed", false);
+        if let Some(accessed_info) = self.accessed_info
+            && !accessed_is_conflicting
+        {
+            history.extend(accessed_info.history.forget(), "accessed", false);
         }
         history.extend(
             self.conflicting_info.history.extract_relevant(self.error_offset, self.error_kind),
@@ -362,6 +367,21 @@ impl TbError<'_> {
         err_machine_stop!(TerminationInfo::TreeBorrowsUb { title, details, history })
     }
 }
+/// Cannot access this allocation with wildcard provenance, as there are no
+/// valid exposed references for this access kind.
+pub fn no_valid_exposed_references_error<'tcx>(
+    alloc_id: AllocId,
+    offset: u64,
+    access_cause: AccessCause,
+) -> InterpErrorKind<'tcx> {
+    let title =
+        format!("{access_cause} through wildcard at {alloc_id:?}[{offset:#x}] is forbidden");
+    let details = vec![format!(
+        "there are no exposed references who have {access_cause} permissions to this location"
+    )];
+    let history = HistoryData::default();
+    err_machine_stop!(TerminationInfo::TreeBorrowsUb { title, details, history })
+}
 
 type S = &'static str;
 /// Pretty-printing details
@@ -625,8 +645,8 @@ impl DisplayRepr {
                 let rperm = tree
                     .rperms
                     .iter_all()
-                    .map(move |(_offset, perms)| {
-                        let perm = perms.get(idx);
+                    .map(move |(_offset, loc)| {
+                        let perm = loc.perms.get(idx);
                         perm.cloned()
                     })
                     .collect::<Vec<_>>();