const align

Lukas Markeffsky · Lukas Markeffsky · commit c94c007211fe · 2023-04-14T16:56:36.000+02:00
diff --git a/library/core/src/intrinsics.rs b/library/core/src/intrinsics.rs
@@ -57,6 +57,7 @@
 use crate::marker::DiscriminantKind;
 use crate::marker::Tuple;
 use crate::mem;
+use crate::panic::debug_assert_nounwind;
 
 pub mod mir;
 
@@ -2500,13 +2501,15 @@ pub(crate) use assert_unsafe_precondition;
 
 /// Checks whether `ptr` is properly aligned with respect to
 /// `align_of::<T>()`.
-pub(crate) fn is_aligned_and_not_null<T>(ptr: *const T) -> bool {
+#[rustc_const_unstable(feature = "core_panic", issue = "none")]
+pub(crate) const fn is_aligned_and_not_null<T>(ptr: *const T) -> bool {
     !ptr.is_null() && ptr.is_aligned()
 }
 
 /// Checks whether an allocation of `len` instances of `T` exceeds
 /// the maximum allowed allocation size.
-pub(crate) fn is_valid_allocation_size<T>(len: usize) -> bool {
+#[rustc_const_unstable(feature = "core_panic", issue = "none")]
+pub(crate) const fn is_valid_allocation_size<T>(len: usize) -> bool {
     let max_len = const {
         let size = crate::mem::size_of::<T>();
         if size == 0 { usize::MAX } else { isize::MAX as usize / size }
@@ -2707,22 +2710,21 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
 #[rustc_const_stable(feature = "const_intrinsic_copy", since = "1.63.0")]
 #[inline]
 #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
+#[rustc_allow_const_fn_unstable(core_panic)]
 pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
     extern "rust-intrinsic" {
         #[rustc_const_stable(feature = "const_intrinsic_copy", since = "1.63.0")]
         #[rustc_nounwind]
         fn copy<T>(src: *const T, dst: *mut T, count: usize);
     }
 
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(src) && is_aligned_and_not_null(dst),
+        "ptr::copy requires that both pointer arguments are aligned aligned and non-null",
+    );
+
     // SAFETY: the safety contract for `copy` must be upheld by the caller.
-    unsafe {
-        assert_unsafe_precondition!(
-            "ptr::copy requires that both pointer arguments are aligned aligned and non-null",
-            [T](src: *const T, dst: *mut T) =>
-            is_aligned_and_not_null(src) && is_aligned_and_not_null(dst)
-        );
-        copy(src, dst, count)
-    }
+    unsafe { copy(src, dst, count) }
 }
 
 /// Sets `count * size_of::<T>()` bytes of memory starting at `dst` to
@@ -2787,12 +2789,11 @@ pub const unsafe fn write_bytes<T>(dst: *mut T, val: u8, count: usize) {
         fn write_bytes<T>(dst: *mut T, val: u8, count: usize);
     }
 
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(dst),
+        "ptr::write_bytes requires that the destination pointer is aligned and non-null",
+    );
+
     // SAFETY: the safety contract for `write_bytes` must be upheld by the caller.
-    unsafe {
-        assert_unsafe_precondition!(
-            "ptr::write_bytes requires that the destination pointer is aligned and non-null",
-            [T](dst: *mut T) => is_aligned_and_not_null(dst)
-        );
-        write_bytes(dst, val, count)
-    }
+    unsafe { write_bytes(dst, val, count) }
 }
diff --git a/library/core/src/panicking.rs b/library/core/src/panicking.rs
@@ -137,7 +137,15 @@ pub const fn panic(expr: &'static str) -> ! {
 #[cfg_attr(feature = "panic_immediate_abort", inline)]
 #[lang = "panic_nounwind"] // needed by codegen for non-unwinding panics
 #[rustc_nounwind]
+const fn lang_panic_nounwind(expr: &'static str) -> ! {
+    panic_nounwind(expr);
+}
+
+#[cfg_attr(not(feature = "panic_immediate_abort"), inline(never), cold)]
+#[cfg_attr(feature = "panic_immediate_abort", inline)]
+#[rustc_nounwind]
 #[rustc_const_unstable(feature = "core_panic", issue = "none")]
+#[track_caller]
 pub const fn panic_nounwind(expr: &'static str) -> ! {
     panic_nounwind_fmt(fmt::Arguments::new_const(&[expr]));
 }
diff --git a/library/core/src/ptr/mod.rs b/library/core/src/ptr/mod.rs
@@ -374,6 +374,7 @@ use crate::hash;
 use crate::intrinsics::{
     self, assert_unsafe_precondition, is_aligned_and_not_null, is_nonoverlapping,
 };
+use crate::panic::debug_assert_nounwind;
 
 use crate::mem::{self, MaybeUninit};
 
@@ -1161,13 +1162,13 @@ pub const unsafe fn read<T>(src: *const T) -> T {
     // Future enhancements to MIR optimizations might well allow this to return
     // to the previous implementation, rather than using an intrinsic.
 
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(src),
+        "ptr::read requires that the pointer argument is aligned and non-null",
+    );
+
     // SAFETY: the caller must guarantee that `src` is valid for reads.
     unsafe {
-        assert_unsafe_precondition!(
-            "ptr::read requires that the pointer argument is aligned and non-null",
-            [T](src: *const T) => is_aligned_and_not_null(src)
-        );
-
         #[cfg(bootstrap)]
         {
             // We are calling the intrinsics directly to avoid function calls in the
@@ -1375,14 +1376,15 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
         fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: usize);
     }
 
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(dst),
+        "ptr::write requires that the pointer argument is aligned and non-null",
+    );
+
     // SAFETY: the caller must guarantee that `dst` is valid for writes.
     // `dst` cannot overlap `src` because the caller has mutable access
     // to `dst` while `src` is owned by this function.
     unsafe {
-        assert_unsafe_precondition!(
-            "ptr::write requires that the pointer argument is aligned and non-null",
-            [T](dst: *mut T) => is_aligned_and_not_null(dst)
-        );
         copy_nonoverlapping(&src as *const T, dst, 1);
         intrinsics::forget(src);
     }
@@ -1544,14 +1546,13 @@ pub const unsafe fn write_unaligned<T>(dst: *mut T, src: T) {
 #[stable(feature = "volatile", since = "1.9.0")]
 #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
 pub unsafe fn read_volatile<T>(src: *const T) -> T {
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(src),
+        "ptr::read_volatile requires that the pointer argument is aligned and non-null",
+    );
+
     // SAFETY: the caller must uphold the safety contract for `volatile_load`.
-    unsafe {
-        assert_unsafe_precondition!(
-            "ptr::read_volatile requires that the pointer argument is aligned and non-null",
-            [T](src: *const T) => is_aligned_and_not_null(src)
-        );
-        intrinsics::volatile_load(src)
-    }
+    unsafe { intrinsics::volatile_load(src) }
 }
 
 /// Performs a volatile write of a memory location with the given value without
@@ -1618,12 +1619,13 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
 #[stable(feature = "volatile", since = "1.9.0")]
 #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
 pub unsafe fn write_volatile<T>(dst: *mut T, src: T) {
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(dst),
+        "ptr::write_volatile requires that the pointer argument is aligned and non-null",
+    );
+
     // SAFETY: the caller must uphold the safety contract for `volatile_store`.
     unsafe {
-        assert_unsafe_precondition!(
-            "ptr::write_volatile requires that the pointer argument is aligned and non-null",
-            [T](dst: *mut T) => is_aligned_and_not_null(dst)
-        );
         intrinsics::volatile_store(dst, src);
     }
 }
diff --git a/library/core/src/slice/raw.rs b/library/core/src/slice/raw.rs
@@ -1,10 +1,9 @@
 //! Free functions to create `&[T]` and `&mut [T]`.
 
 use crate::array;
-use crate::intrinsics::{
-    assert_unsafe_precondition, is_aligned_and_not_null, is_valid_allocation_size,
-};
+use crate::intrinsics::{is_aligned_and_not_null, is_valid_allocation_size};
 use crate::ops::Range;
+use crate::panic::debug_assert_nounwind;
 use crate::ptr;
 
 /// Forms a slice from a pointer and a length.
@@ -89,16 +88,15 @@ use crate::ptr;
 #[stable(feature = "rust1", since = "1.0.0")]
 #[rustc_const_stable(feature = "const_slice_from_raw_parts", since = "1.64.0")]
 #[must_use]
+#[rustc_allow_const_fn_unstable(core_panic)]
 pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(data) && is_valid_allocation_size::<T>(len),
+        "slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
+    );
+
     // SAFETY: the caller must uphold the safety contract for `from_raw_parts`.
-    unsafe {
-        assert_unsafe_precondition!(
-            "slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
-            [T](data: *const T, len: usize) => is_aligned_and_not_null(data)
-                && is_valid_allocation_size::<T>(len)
-        );
-        &*ptr::slice_from_raw_parts(data, len)
-    }
+    unsafe { &*ptr::slice_from_raw_parts(data, len) }
 }
 
 /// Performs the same functionality as [`from_raw_parts`], except that a
@@ -135,15 +133,13 @@ pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T]
 #[rustc_const_unstable(feature = "const_slice_from_raw_parts_mut", issue = "67456")]
 #[must_use]
 pub const unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a mut [T] {
+    debug_assert_nounwind!(
+        is_aligned_and_not_null(data) && is_valid_allocation_size::<T>(len),
+        "slice::from_raw_parts_mut requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
+    );
+
     // SAFETY: the caller must uphold the safety contract for `from_raw_parts_mut`.
-    unsafe {
-        assert_unsafe_precondition!(
-            "slice::from_raw_parts_mut requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
-            [T](data: *mut T, len: usize) => is_aligned_and_not_null(data)
-                && is_valid_allocation_size::<T>(len)
-        );
-        &mut *ptr::slice_from_raw_parts_mut(data, len)
-    }
+    unsafe { &mut *ptr::slice_from_raw_parts_mut(data, len) }
 }
 
 /// Converts a reference to T into a slice of length 1 (without copying).
diff --git a/tests/ui/const-ptr/forbidden_slices.rs b/tests/ui/const-ptr/forbidden_slices.rs
@@ -1,3 +1,4 @@
+// ignore-debug
 // Strip out raw byte dumps to make comparison platform-independent:
 // normalize-stderr-test "(the raw bytes of the constant) \(size: [0-9]*, align: [0-9]*\)" -> "$1 (size: $$SIZE, align: $$ALIGN)"
 // normalize-stderr-test "([0-9a-f][0-9a-f] |╾─*a(lloc)?[0-9]+(\+[a-z0-9]+)?─*╼ )+ *│.*" -> "HEX_DUMP"
diff --git a/tests/ui/consts/const-eval/ub-ref-ptr.rs b/tests/ui/consts/const-eval/ub-ref-ptr.rs
@@ -1,4 +1,5 @@
 // ignore-tidy-linelength
+// ignore-debug
 // Strip out raw byte dumps to make comparison platform-independent:
 // normalize-stderr-test "(the raw bytes of the constant) \(size: [0-9]*, align: [0-9]*\)" -> "$1 (size: $$SIZE, align: $$ALIGN)"
 // normalize-stderr-test "([0-9a-f][0-9a-f] |╾─*a(lloc)?[0-9]+(\+[a-z0-9]+)?─*╼ )+ *│.*" -> "HEX_DUMP"

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+// ignore-debug`
`1`	`2`	`// Strip out raw byte dumps to make comparison platform-independent:`
`2`	`3`	`// normalize-stderr-test "(the raw bytes of the constant) \(size: [0-9], align: [0-9]\)" -> "$1 (size: $$SIZE, align: $$ALIGN)"`
`3`	`4`	`// normalize-stderr-test "([0-9a-f][0-9a-f] \|╾─a(lloc)?[0-9]+(\+[a-z0-9]+)?─╼ )+ │." -> "HEX_DUMP"`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`// ignore-tidy-linelength`
	`2`	`+// ignore-debug`
`2`	`3`	`// Strip out raw byte dumps to make comparison platform-independent:`
`3`	`4`	`// normalize-stderr-test "(the raw bytes of the constant) \(size: [0-9], align: [0-9]\)" -> "$1 (size: $$SIZE, align: $$ALIGN)"`
`4`	`5`	`// normalize-stderr-test "([0-9a-f][0-9a-f] \|╾─a(lloc)?[0-9]+(\+[a-z0-9]+)?─╼ )+ │." -> "HEX_DUMP"`