authorMazdak Farrokhzad <twingoow@gmail.com>2020-03-08 16:53:38 +0100
committerGitHub <noreply@github.com>2020-03-08 16:53:38 +0100
commit8ce45d855ed8aff9b421fcc5089997b9ec0293b6 (patch)
tree943e9ae87dacb152c579b07ef86abb0cde136f60 /src/libcore
parentc31b7044c1a1fceb9b22813b9e7219967cf478f3 (diff)
parenta9259fb7c7f9f6138b6b774679295084f18a24a3 (diff)
downloadrust-8ce45d855ed8aff9b421fcc5089997b9ec0293b6.tar.gz
rust-8ce45d855ed8aff9b421fcc5089997b9ec0293b6.zip
Rollup merge of #69651 - Mark-Simulacrum:black-box-marker, r=eddyb
Try to ensure usize marker does not get merged

This follows up on [this conversation](https://github.com/rust-lang/rust/pull/69209#discussion_r379911282). However, I'm not confident this is quite correct, so feedback is appreciated, as always.
Diffstat (limited to 'src/libcore')
-rw-r--r--src/libcore/fmt/mod.rs12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/libcore/fmt/mod.rs b/src/libcore/fmt/mod.rs
index b13e9bcc6b4..d2cebf593ab 100644
--- a/src/libcore/fmt/mod.rs
+++ b/src/libcore/fmt/mod.rs
@@ -264,8 +264,18 @@ pub struct ArgumentV1<'a> {
 // could have been miscompiled. In practice, we never call as_usize on non-usize
 // containing data (as a matter of static generation of the formatting
 // arguments), so this is merely an additional check.
+//
+// We primarily want to ensure that the function pointer at `USIZE_MARKER` has
+// an address corresponding *only* to functions that also take `&usize` as their
+// first argument. The read_volatile here ensures that we can safely ready out a
+// usize from the passed reference and that this address does not point at a
+// non-usize taking function.
 #[unstable(feature = "fmt_internals", reason = "internal to format_args!", issue = "none")]
-static USIZE_MARKER: fn(&usize, &mut Formatter<'_>) -> Result = |_, _| loop {};
+static USIZE_MARKER: fn(&usize, &mut Formatter<'_>) -> Result = |ptr, _| {
+    // SAFETY: ptr is a reference
+    let _v: usize = unsafe { crate::ptr::read_volatile(ptr) };
+    loop {}
+};
 
 impl<'a> ArgumentV1<'a> {
     #[doc(hidden)]
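Review bot: The `// SAFETY: ptr is a reference` comment on the `read_volatile` call in the new `USIZE_MARKER` closure does not state the invariant that makes the read sound. I would spell it out as `// SAFETY: ptr is a &usize, so it is non-null, aligned and points at an initialized usize.` The block comment above also says the volatile read "ensures" the marker's address never coincides with a non-usize-taking function, but nothing visible here guarantees that. It depends on the optimizer not folding this body into a differently typed function, so wording it as best-effort (as the commit title does) would stop a later reader from treating the address comparison as a hard type check. That matters because the code that compares against `USIZE_MARKER` lies outside this hunk and presumably reinterprets the argument as a `usize` on a match, so a merged address would be a type-confusion path. Separately, "safely ready out a usize" should read "safely read out a usize".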