Auto merge of #130251 - saethlin:ptr-offset-preconditions, r=Amanieu

Add precondition checks to ptr::offset, ptr::add, ptr::sub

All of `offset`, `add`, and `sub` (currently) have the trivial preconditions that the offset in bytes must be <= isize::MAX, and the computation of the new address must not wrap. This adds precondition checks for these, and like in slice indexing, we use intrinsics directly to implement unsafe APIs that have explicit checks, because we get a clearer error message that mentions the misused API not an implementation detail.

Experimentation indicates these checks have 1-2% compile time overhead, due primarily to adding the checks for `add`.

A crater run (https://github.com/rust-lang/rust/pull/130251#issuecomment-2395824565) indicates some people currently have buggy calls to `ptr::offset` that apply a negative offset to a null pointer, but the crater run does not hit the `ptr::add` or `ptr::sub` checks, which seems like an argument for cfg'ing out those checks on account of their overhead.

0 files changed, 0 insertions, 0 deletions