fix(interp): Treat UnsafeBinder as Compound Type in try_visit_primitive #153458

Open
TKanX wants to merge 1 commit into rust-lang:main from
TKanX:bugfix/153362-ice-unsafe-binder-validity

Conversation

TKanX (Contributor) commented Mar 5, 2026

Summary:

Fixes ICE in const eval validity checking when a value contains an UnsafeBinder-typed field.

try_visit_primitive in validity.rs had ty::UnsafeBinder(_) => todo!("FIXME(unsafe_binder)"): a placeholder left by the initial unsafe binders type system implementation (9a1c5eb).

The fix is to remove the todo!() and move UnsafeBinder into the compound types arm.

Closes #153362

r? @dingxiangfei2009
cc @matthiaskrgr

@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Mar 5, 2026
@TKanX TKanX marked this pull request as ready for review March 5, 2026 19:34
rustbot (Collaborator) commented Mar 5, 2026

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Mar 5, 2026
Kivooeo (Member) commented Mar 5, 2026

can you explain a bit your choice of this match arm?

TKanX (Contributor, Author) commented Mar 5, 2026

> can you explain a bit your choice of this match arm?

Since layout.rs erases bound regions and delegates entirely to the inner type, I think returning false and letting walk_value recurse via FieldsShape is correct (similar to Pat or Closure).

Happy to be corrected if there's something specific.

@Enselic Enselic added the A-const-eval Area: Constant evaluation, covers all const contexts (static, const fn, ...) label Apr 28, 2026
wesleywiser (Member) commented

r? rust-lang/compiler

| ty::Dynamic(..)
| ty::Closure(..)
| ty::Pat(..)
| ty::UnsafeBinder(..)
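Review bot: the new `| ty::UnsafeBinder(..)` arm carries no comment recording why the binder is treated as a compound type rather than a primitive, even though the `todo!("FIXME(unsafe_binder)")` it replaces marked this exact spot as unresolved; add a one-line comment at the arm, along the lines of `// unsafe<..> T has the layout of T; walk_value recurses into it via FieldsShape`, so the reasoning the author gave in the discussion is visible at the match site.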
dingxiangfei2009 (Contributor) commented Apr 30, 2026

Sorry, I am not super sure about the decision here. However, I would like to leave a long overdue opinion, and I would like to take this opportunity to learn more about the UnsafeBinder semantics here as well.

In my very rudimentary understanding, the primitivity property in CTFE of an unsafe<..> type is such that it transcends through the binder. For instance, the primitivity of unsafe<'a> &'a T is delegated to &'a T, which depends on how well-behaved this underlying reference is. So does this make sense?


#![allow(incomplete_features)]

struct ThinDst {
b: unsafe<> (),
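Review bot: the regression test only places the unit type `()` behind the binder, so the `false` return from try_visit_primitive is never shown to reach a field that itself has validity invariants; add variants with a reference and a raw pointer behind the binder (e.g. `unsafe<'a> &'a T`, as raised in the discussion), including a reference to the wrong kind of memory and one to uninitialised bytes, so that the recursion into the inner type is actually exercised by the test.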
dingxiangfei2009 (Contributor) commented Apr 30, 2026

... so if a raw pointer, instead of a unit, is behind the binder, we probably should also check the reference here, or?


oli-obk (Contributor) commented Apr 30, 2026

While this was the minimal repro for the ICE, fixing the ICE needs to come with some extensive testing of the feature within const validation.

So having tests where a reference behind an unsafe binder points to the wrong memory (e.g. a fn) or points to uninit memory even though the value can't be uninit if it were a normal reference. There's probably more fun edge cases to handle here.

Development

Successfully merging this pull request may close these issues.

[ICE]: try_visit_primitive() on unsafe binder
