| author | bors <bors@rust-lang.org> | 2022-10-08 17:59:45 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2022-10-08 17:59:45 +0000 |
| commit | 8796e7a9cfd4c5c4f1de15ec1c53994ddf288665 (patch) | |
| tree | 82d32297c678847bba693c43a3be1b806a7a9637 | |
| parent | c27948d255167d827421401950c6d723ba28de8f (diff) | |
| parent | d71a85135ba9209cd93f14149ee4b14765ae8f57 (diff) | |
| download | rust-8796e7a9cfd4c5c4f1de15ec1c53994ddf288665.tar.gz rust-8796e7a9cfd4c5c4f1de15ec1c53994ddf288665.zip | |
Auto merge of #102315 - RalfJung:assert_unsafe_precondition, r=thomcc
add a few more assert_unsafe_precondition Add debug-assertion checking for `ptr.read()`, `ptr.write(_)`, and `unreachable_unchecked`. This is quite useful for [cargo-careful](https://github.com/RalfJung/cargo-careful).
| -rw-r--r-- | library/core/src/hint.rs | 5 | ||||
| -rw-r--r-- | library/core/src/ptr/mod.rs | 2 | ||||
| -rw-r--r-- | src/test/codegen/mem-replace-direct-memcpy.rs | 1 | ||||
| -rw-r--r-- | src/test/ui/consts/const_unsafe_unreachable_ub.stderr | 10 | ||||
| -rw-r--r-- | src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr1.rs | 2 | ||||
| -rw-r--r-- | src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr_addr_of.rs | 2 |
6 files changed, 14 insertions, 8 deletions
diff --git a/library/core/src/hint.rs b/library/core/src/hint.rs
index f9267371aa7..80036bcc4de 100644
--- a/library/core/src/hint.rs
+++ b/library/core/src/hint.rs
@@ -100,7 +100,10 @@ use crate::intrinsics;
 pub const unsafe fn unreachable_unchecked() -> ! {
 // SAFETY: the safety contract for `intrinsics::unreachable` must
 // be upheld by the caller.
- unsafe { intrinsics::unreachable() }
+ unsafe {
+ intrinsics::assert_unsafe_precondition!(() => false);
+ intrinsics::unreachable()
+ }
 }
 
 /// Emits a machine instruction to signal the processor that it is running in
diff --git a/library/core/src/ptr/mod.rs b/library/core/src/ptr/mod.rs
index e976abed774..d4ab234cec3 100644
--- a/library/core/src/ptr/mod.rs
+++ b/library/core/src/ptr/mod.rs
@@ -1114,6 +1114,7 @@ pub const unsafe fn read<T>(src: *const T) -> T {
 // Also, since we just wrote a valid value into `tmp`, it is guaranteed
 // to be properly initialized.
 unsafe {
+ assert_unsafe_precondition!([T](src: *const T) => is_aligned_and_not_null(src));
 copy_nonoverlapping(src, tmp.as_mut_ptr(), 1);
 tmp.assume_init()
 }
@@ -1307,6 +1308,7 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
 // `dst` cannot overlap `src` because the caller has mutable access
 // to `dst` while `src` is owned by this function.
 unsafe {
+ assert_unsafe_precondition!([T](dst: *mut T) => is_aligned_and_not_null(dst));
 copy_nonoverlapping(&src as *const T, dst, 1);
 intrinsics::forget(src);
 }
diff --git a/src/test/codegen/mem-replace-direct-memcpy.rs b/src/test/codegen/mem-replace-direct-memcpy.rs
index b41ef538d71..4318e926e47 100644
--- a/src/test/codegen/mem-replace-direct-memcpy.rs
+++ b/src/test/codegen/mem-replace-direct-memcpy.rs
@@ -4,6 +4,7 @@
 // known to be `1` after inlining).
 // compile-flags: -C no-prepopulate-passes -Zinline-mir=no
+// ignore-debug: the debug assertions get in the way
 #![crate_type = "lib"]
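Review bot: The always-false `intrinsics::assert_unsafe_precondition!(() => false);` added to `unreachable_unchecked` carries no comment saying what it is for, and a reader skimming the block can take it for dead code. Suggest a why-comment directly above it: `// Reaching this point violates the caller's contract: with debug assertions on, trip the precondition check instead of executing the intrinsic.` The updated `const_unsafe_unreachable_ub.stderr` shows constant evaluation still reporting the error at `intrinsics::unreachable()`, so the comment should also say whether the check is meant to be a no-op at compile time; I cannot confirm that from this hunk alone. The existing `// SAFETY:` comment still justifies only the intrinsic call, which is fine, but the new first statement of the block is the one that now needs explaining.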
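Review bot: The check added to `read` covers only what `is_aligned_and_not_null(src)` can see — alignment and non-nullness — whereas the function's documented contract (outside this hunk) also requires `src` to be readable for `size_of::<T>()` bytes and to point at a properly initialized `T`; nothing in the hunk says the check is deliberately partial. Suggest a comment above the assertion: `// Debug-only sanity check: alignment and non-null. Dereferenceability and validity of *src cannot be verified here.` The `write` hunk that follows has the same gap for `dst` and would take the same comment (without the validity clause, since `write` never reads `*dst`). The body of `read` starts before and ends after this hunk.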
diff --git a/src/test/ui/consts/const_unsafe_unreachable_ub.stderr b/src/test/ui/consts/const_unsafe_unreachable_ub.stderr
index ec6ce1f5d7c..f6de3699f77 100644
--- a/src/test/ui/consts/const_unsafe_unreachable_ub.stderr
+++ b/src/test/ui/consts/const_unsafe_unreachable_ub.stderr
@@ -1,11 +1,11 @@
 error[E0080]: evaluation of constant value failed
 --> $SRC_DIR/core/src/hint.rs:LL:COL
 |
-LL | unsafe { intrinsics::unreachable() }
- | ^^^^^^^^^^^^^^^^^^^^^^^^^
- | |
- | entering unreachable code
- | inside `unreachable_unchecked` at $SRC_DIR/core/src/hint.rs:LL:COL
+LL | intrinsics::unreachable()
+ | ^^^^^^^^^^^^^^^^^^^^^^^^^
+ | |
+ | entering unreachable code
+ | inside `unreachable_unchecked` at $SRC_DIR/core/src/hint.rs:LL:COL
 |
 ::: $DIR/const_unsafe_unreachable_ub.rs:6:18
 |
diff --git a/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr1.rs b/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr1.rs
index 73adc4dc449..47d1f782cb6 100644
--- a/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr1.rs
+++ b/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr1.rs
@@ -3,7 +3,7 @@
 
 fn main() {
 // Try many times as this might work by chance.
- for _ in 0..10 {
+ for _ in 0..20 {
 let x = [2u16, 3, 4]; // Make it big enough so we don't get an out-of-bounds error.
 let x = &x[0] as *const _ as *const u32;
 // This must fail because alignment is violated: the allocation's base is not sufficiently aligned.
diff --git a/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr_addr_of.rs b/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr_addr_of.rs
index e439cf2b03b..f1032ab52bc 100644
--- a/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr_addr_of.rs
+++ b/src/tools/miri/tests/fail/unaligned_pointers/unaligned_ptr_addr_of.rs
@@ -4,7 +4,7 @@ use std::ptr;
 
 fn main() {
 // Try many times as this might work by chance.
- for _ in 0..10 {
+ for _ in 0..20 {
 let x = [2u16, 3, 4]; // Make it big enough so we don't get an out-of-bounds error.
 let x = &x[0] as *const _ as *const u32;
 // This must fail because alignment is violated: the allocation's base is not sufficiently aligned.
|
