diff options
| author | bors <bors@rust-lang.org> | 2023-08-11 23:40:33 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2023-08-11 23:40:33 +0000 |
| commit | b08dd92552d663e3c877c8e5ce859e212205a09f (patch) | |
| tree | 35115dc5d36e25f179d98e3b1c7121aca1117fe4 | |
| parent | a6f8aa5a092c5e46fcbdafe4c80b4e55ba0de41c (diff) | |
| parent | ab6e2bc3d0dbe518fc647078b32f29b4151fda2c (diff) | |
| download | rust-b08dd92552d663e3c877c8e5ce859e212205a09f.tar.gz rust-b08dd92552d663e3c877c8e5ce859e212205a09f.zip | |
Auto merge of #114720 - scottmcm:better-sub, r=workingjubilee
Tell LLVM that the negation in `<*const T>::sub` cannot overflow Today it's just `sub` <https://rust.godbolt.org/z/8EzEPnMr5>; with this PR it's `sub nsw`.
| -rw-r--r-- | library/core/src/ptr/const_ptr.rs | 15 | ||||
| -rw-r--r-- | library/core/src/ptr/mut_ptr.rs | 14 | ||||
| -rw-r--r-- | tests/codegen/ptr-arithmetic.rs | 34 |
3 files changed, 58 insertions, 5 deletions
diff --git a/library/core/src/ptr/const_ptr.rs b/library/core/src/ptr/const_ptr.rs index 74046a9c7c3..502f8a75863 100644 --- a/library/core/src/ptr/const_ptr.rs +++ b/library/core/src/ptr/const_ptr.rs @@ -1,7 +1,7 @@ use super::*; use crate::cmp::Ordering::{self, Equal, Greater, Less}; use crate::intrinsics::{self, const_eval_select}; -use crate::mem; +use crate::mem::{self, SizedTypeProperties}; use crate::slice::{self, SliceIndex}; impl<T: ?Sized> *const T { @@ -995,14 +995,23 @@ impl<T: ?Sized> *const T { #[stable(feature = "pointer_methods", since = "1.26.0")] #[must_use = "returns a new pointer rather than modifying its argument"] #[rustc_const_stable(feature = "const_ptr_offset", since = "1.61.0")] + // We could always go back to wrapping if unchecked becomes unacceptable + #[rustc_allow_const_fn_unstable(const_int_unchecked_arith)] #[inline(always)] #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces pub const unsafe fn sub(self, count: usize) -> Self where T: Sized, { - // SAFETY: the caller must uphold the safety contract for `offset`. - unsafe { self.offset((count as isize).wrapping_neg()) } + if T::IS_ZST { + // Pointer arithmetic does nothing when the pointee is a ZST. + self + } else { + // SAFETY: the caller must uphold the safety contract for `offset`. + // Because the pointee is *not* a ZST, that means that `count` is + // at most `isize::MAX`, and thus the negation cannot overflow. + unsafe { self.offset(intrinsics::unchecked_sub(0, count as isize)) } + } } /// Calculates the offset from a pointer in bytes (convenience for diff --git a/library/core/src/ptr/mut_ptr.rs b/library/core/src/ptr/mut_ptr.rs index e3a3f69afd9..d129e1d645f 100644 --- a/library/core/src/ptr/mut_ptr.rs +++ b/library/core/src/ptr/mut_ptr.rs @@ -1,6 +1,7 @@ use super::*; use crate::cmp::Ordering::{self, Equal, Greater, Less}; use crate::intrinsics::{self, const_eval_select}; +use crate::mem::SizedTypeProperties; use crate::slice::{self, SliceIndex}; impl<T: ?Sized> *mut T { @@ -1095,14 +1096,23 @@ impl<T: ?Sized> *mut T { #[stable(feature = "pointer_methods", since = "1.26.0")] #[must_use = "returns a new pointer rather than modifying its argument"] #[rustc_const_stable(feature = "const_ptr_offset", since = "1.61.0")] + // We could always go back to wrapping if unchecked becomes unacceptable + #[rustc_allow_const_fn_unstable(const_int_unchecked_arith)] #[inline(always)] #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces pub const unsafe fn sub(self, count: usize) -> Self where T: Sized, { - // SAFETY: the caller must uphold the safety contract for `offset`. - unsafe { self.offset((count as isize).wrapping_neg()) } + if T::IS_ZST { + // Pointer arithmetic does nothing when the pointee is a ZST. + self + } else { + // SAFETY: the caller must uphold the safety contract for `offset`. + // Because the pointee is *not* a ZST, that means that `count` is + // at most `isize::MAX`, and thus the negation cannot overflow. + unsafe { self.offset(intrinsics::unchecked_sub(0, count as isize)) } + } } /// Calculates the offset from a pointer in bytes (convenience for diff --git a/tests/codegen/ptr-arithmetic.rs b/tests/codegen/ptr-arithmetic.rs new file mode 100644 index 00000000000..292bfdaf357 --- /dev/null +++ b/tests/codegen/ptr-arithmetic.rs @@ -0,0 +1,34 @@ +// compile-flags: -O -Z merge-functions=disabled +// ignore-debug (the extra assertions get in the way) + +#![crate_type = "lib"] + +// CHECK-LABEL: ptr @i32_add( +// CHECK-SAME: [[WORD:i[0-9]+]] noundef %n) +#[no_mangle] +pub unsafe fn i32_add(p: *const i32, n: usize) -> *const i32 { + // CHECK: %[[TEMP:.+]] = getelementptr inbounds i32, ptr %p, [[WORD]] %n + // CHECK: ret ptr %[[TEMP]] + p.add(n) +} + +// Ensure we tell LLVM that the negation in `sub` can't overflow. + +// CHECK-LABEL: ptr @i32_sub( +// CHECK-SAME: [[WORD:i[0-9]+]] noundef %n) +#[no_mangle] +pub unsafe fn i32_sub(p: *const i32, n: usize) -> *const i32 { + // CHECK: %[[DELTA:.+]] = sub nsw [[WORD]] 0, %n + // CHECK: %[[TEMP:.+]] = getelementptr inbounds i32, ptr %p, [[WORD]] %[[DELTA]] + // CHECK: ret ptr %[[TEMP]] + p.sub(n) +} + +// CHECK-LABEL: ptr @i32_offset( +// CHECK-SAME: [[WORD:i[0-9]+]] noundef %d) +#[no_mangle] +pub unsafe fn i32_offset(p: *const i32, d: isize) -> *const i32 { + // CHECK: %[[TEMP:.+]] = getelementptr inbounds i32, ptr %p, [[WORD]] %d + // CHECK: ret ptr %[[TEMP]] + p.offset(d) +} |