Skip to content

Commit ecb3830

Browse files
matthiaskrgrmatthiaskrgr
authored
Rollup merge of rust-lang#131384 - saethlin:precondition-tests, r=ibraheemdev
Update precondition tests (especially for zero-size access to null) I don't much like the current way I've updated the precondition check helpers, but I couldn't come up with anything better. Ideas welcome. I've organized `tests/ui/precondition-checks` mostly with one file per function that has `assert_unsafe_precondition` in it, with revisions that check each precondition. The important new test is `tests/ui/precondition-checks/zero-size-null.rs`.
2 parents ea7a0c6 + a5529ee commit ecb3830

File tree

5 files changed

+36
-24
lines changed

5 files changed

+36
-24
lines changed

core/src/ascii/ascii_char.rs

+1-1
Original file line numberDiff line numberDiff line change
@@ -506,7 +506,7 @@ impl AsciiChar {
506506
pub const unsafe fn digit_unchecked(d: u8) -> Self {
507507
assert_unsafe_precondition!(
508508
check_language_ub,
509-
"`AsciiChar::digit_unchecked` input cannot exceed 9.",
509+
"`ascii::Char::digit_unchecked` input cannot exceed 9.",
510510
(d: u8 = d) => d < 10
511511
);
512512

core/src/intrinsics.rs

+12-7
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,7 @@
6464
#![allow(missing_docs)]
6565

6666
use crate::marker::{DiscriminantKind, Tuple};
67+
use crate::mem::SizedTypeProperties;
6768
use crate::{ptr, ub_checks};
6869

6970
pub mod mir;
@@ -3364,10 +3365,12 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
33643365
size: usize = size_of::<T>(),
33653366
align: usize = align_of::<T>(),
33663367
count: usize = count,
3367-
) =>
3368-
ub_checks::is_aligned_and_not_null(src, align)
3369-
&& ub_checks::is_aligned_and_not_null(dst, align)
3370-
&& ub_checks::is_nonoverlapping(src, dst, size, count)
3368+
) => {
3369+
let zero_size = count == 0 || size == 0;
3370+
ub_checks::is_aligned_and_not_null(src, align, zero_size)
3371+
&& ub_checks::is_aligned_and_not_null(dst, align, zero_size)
3372+
&& ub_checks::is_nonoverlapping(src, dst, size, count)
3373+
}
33713374
);
33723375

33733376
// SAFETY: the safety contract for `copy_nonoverlapping` must be
@@ -3465,9 +3468,10 @@ pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
34653468
src: *const () = src as *const (),
34663469
dst: *mut () = dst as *mut (),
34673470
align: usize = align_of::<T>(),
3471+
zero_size: bool = T::IS_ZST || count == 0,
34683472
) =>
3469-
ub_checks::is_aligned_and_not_null(src, align)
3470-
&& ub_checks::is_aligned_and_not_null(dst, align)
3473+
ub_checks::is_aligned_and_not_null(src, align, zero_size)
3474+
&& ub_checks::is_aligned_and_not_null(dst, align, zero_size)
34713475
);
34723476
copy(src, dst, count)
34733477
}
@@ -3544,7 +3548,8 @@ pub const unsafe fn write_bytes<T>(dst: *mut T, val: u8, count: usize) {
35443548
(
35453549
addr: *const () = dst as *const (),
35463550
align: usize = align_of::<T>(),
3547-
) => ub_checks::is_aligned_and_not_null(addr, align)
3551+
zero_size: bool = T::IS_ZST || count == 0,
3552+
) => ub_checks::is_aligned_and_not_null(addr, align, zero_size)
35483553
);
35493554
write_bytes(dst, val, count)
35503555
}

core/src/ptr/mod.rs

+17-10
Original file line numberDiff line numberDiff line change
@@ -448,7 +448,7 @@
448448

449449
use crate::cmp::Ordering;
450450
use crate::marker::FnPtr;
451-
use crate::mem::{self, MaybeUninit};
451+
use crate::mem::{self, MaybeUninit, SizedTypeProperties};
452452
use crate::{fmt, hash, intrinsics, ub_checks};
453453

454454
mod alignment;
@@ -1165,10 +1165,12 @@ pub const unsafe fn swap_nonoverlapping<T>(x: *mut T, y: *mut T, count: usize) {
11651165
size: usize = size_of::<T>(),
11661166
align: usize = align_of::<T>(),
11671167
count: usize = count,
1168-
) =>
1169-
ub_checks::is_aligned_and_not_null(x, align)
1170-
&& ub_checks::is_aligned_and_not_null(y, align)
1171-
&& ub_checks::is_nonoverlapping(x, y, size, count)
1168+
) => {
1169+
let zero_size = size == 0 || count == 0;
1170+
ub_checks::is_aligned_and_not_null(x, align, zero_size)
1171+
&& ub_checks::is_aligned_and_not_null(y, align, zero_size)
1172+
&& ub_checks::is_nonoverlapping(x, y, size, count)
1173+
}
11721174
);
11731175

11741176
// Split up the slice into small power-of-two-sized chunks that LLVM is able
@@ -1278,7 +1280,8 @@ pub const unsafe fn replace<T>(dst: *mut T, src: T) -> T {
12781280
(
12791281
addr: *const () = dst as *const (),
12801282
align: usize = align_of::<T>(),
1281-
) => ub_checks::is_aligned_and_not_null(addr, align)
1283+
is_zst: bool = T::IS_ZST,
1284+
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
12821285
);
12831286
mem::replace(&mut *dst, src)
12841287
}
@@ -1430,7 +1433,8 @@ pub const unsafe fn read<T>(src: *const T) -> T {
14301433
(
14311434
addr: *const () = src as *const (),
14321435
align: usize = align_of::<T>(),
1433-
) => ub_checks::is_aligned_and_not_null(addr, align)
1436+
is_zst: bool = T::IS_ZST,
1437+
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
14341438
);
14351439
crate::intrinsics::read_via_copy(src)
14361440
}
@@ -1635,7 +1639,8 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
16351639
(
16361640
addr: *mut () = dst as *mut (),
16371641
align: usize = align_of::<T>(),
1638-
) => ub_checks::is_aligned_and_not_null(addr, align)
1642+
is_zst: bool = T::IS_ZST,
1643+
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
16391644
);
16401645
intrinsics::write_via_move(dst, src)
16411646
}
@@ -1808,7 +1813,8 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
18081813
(
18091814
addr: *const () = src as *const (),
18101815
align: usize = align_of::<T>(),
1811-
) => ub_checks::is_aligned_and_not_null(addr, align)
1816+
is_zst: bool = T::IS_ZST,
1817+
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
18121818
);
18131819
intrinsics::volatile_load(src)
18141820
}
@@ -1887,7 +1893,8 @@ pub unsafe fn write_volatile<T>(dst: *mut T, src: T) {
18871893
(
18881894
addr: *mut () = dst as *mut (),
18891895
align: usize = align_of::<T>(),
1890-
) => ub_checks::is_aligned_and_not_null(addr, align)
1896+
is_zst: bool = T::IS_ZST,
1897+
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
18911898
);
18921899
intrinsics::volatile_store(dst, src);
18931900
}

core/src/slice/raw.rs

+2-2
Original file line numberDiff line numberDiff line change
@@ -132,7 +132,7 @@ pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T]
132132
align: usize = align_of::<T>(),
133133
len: usize = len,
134134
) =>
135-
ub_checks::is_aligned_and_not_null(data, align)
135+
ub_checks::is_aligned_and_not_null(data, align, false)
136136
&& ub_checks::is_valid_allocation_size(size, len)
137137
);
138138
&*ptr::slice_from_raw_parts(data, len)
@@ -187,7 +187,7 @@ pub const unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a m
187187
align: usize = align_of::<T>(),
188188
len: usize = len,
189189
) =>
190-
ub_checks::is_aligned_and_not_null(data, align)
190+
ub_checks::is_aligned_and_not_null(data, align, false)
191191
&& ub_checks::is_valid_allocation_size(size, len)
192192
);
193193
&mut *ptr::slice_from_raw_parts_mut(data, len)

core/src/ub_checks.rs

+4-4
Original file line numberDiff line numberDiff line change
@@ -109,15 +109,15 @@ pub(crate) const fn check_language_ub() -> bool {
109109
intrinsics::ub_checks() && const_eval_select((), comptime, runtime)
110110
}
111111

112-
/// Checks whether `ptr` is properly aligned with respect to
113-
/// `align_of::<T>()`.
112+
/// Checks whether `ptr` is properly aligned with respect to the given alignment, and
113+
/// if `is_zst == false`, that `ptr` is not null.
114114
///
115115
/// In `const` this is approximate and can fail spuriously. It is primarily intended
116116
/// for `assert_unsafe_precondition!` with `check_language_ub`, in which case the
117117
/// check is anyway not executed in `const`.
118118
#[inline]
119-
pub(crate) const fn is_aligned_and_not_null(ptr: *const (), align: usize) -> bool {
120-
!ptr.is_null() && ptr.is_aligned_to(align)
119+
pub(crate) const fn is_aligned_and_not_null(ptr: *const (), align: usize, is_zst: bool) -> bool {
120+
ptr.is_aligned_to(align) && (is_zst || !ptr.is_null())
121121
}
122122

123123
#[inline]

0 commit comments

Comments
 (0)