From 3f2dc2bd1a2e0120b868911497ddbd8e43f3a9fa Mon Sep 17 00:00:00 2001 From: Deadbeef Date: Tue, 8 Jul 2025 00:20:57 +0800 Subject: [PATCH 1/5] add `const_make_global`; err for `const_allocate` ptrs if didn't call Co-Authored-By: Ralf Jung Co-Authored-By: Oli Scherer --- compiler/rustc_const_eval/messages.ftl | 11 ++++ .../rustc_const_eval/src/const_eval/error.rs | 32 +++++++++- .../src/const_eval/eval_queries.rs | 2 +- .../src/const_eval/machine.rs | 19 ++++-- compiler/rustc_const_eval/src/errors.rs | 8 +++ .../rustc_const_eval/src/interpret/intern.rs | 58 +++++++++++++++++-- .../rustc_const_eval/src/interpret/memory.rs | 44 ++++++++++++++ .../src/util/check_validity_requirement.rs | 10 ++-- .../rustc_hir_analysis/src/check/intrinsic.rs | 3 + .../rustc_middle/src/mir/interpret/error.rs | 2 +- compiler/rustc_span/src/symbol.rs | 1 + library/alloc/src/boxed/thin.rs | 7 ++- library/core/src/intrinsics/mod.rs | 9 +++ .../heap/alloc_intrinsic_nontransient.rs | 4 +- .../heap/alloc_intrinsic_uninit.32bit.stderr | 2 +- .../heap/alloc_intrinsic_uninit.64bit.stderr | 2 +- .../const-eval/heap/alloc_intrinsic_uninit.rs | 5 +- .../heap/alloc_intrinsic_untyped.rs | 1 + .../heap/alloc_intrinsic_untyped.stderr | 10 +++- .../const-eval/heap/dealloc_intrinsic.rs | 2 +- .../const-eval/heap/make-global-dangling.rs | 16 +++++ .../heap/make-global-dangling.stderr | 15 +++++ .../const-eval/heap/make-global-other.rs | 13 +++++ .../const-eval/heap/make-global-other.stderr | 9 +++ .../const-eval/heap/make-global-twice.rs | 16 +++++ .../const-eval/heap/make-global-twice.stderr | 9 +++ .../ui/consts/const-eval/heap/make-global.rs | 21 +++++++ .../heap/ptr_made_global_mutated.rs | 14 +++++ .../heap/ptr_made_global_mutated.stderr | 9 +++ .../const-eval/heap/ptr_not_made_global.rs | 19 ++++++ .../heap/ptr_not_made_global.stderr | 18 ++++++ 31 files changed, 361 insertions(+), 30 deletions(-) create mode 100644 tests/ui/consts/const-eval/heap/make-global-dangling.rs create mode 100644 tests/ui/consts/const-eval/heap/make-global-dangling.stderr create mode 100644 tests/ui/consts/const-eval/heap/make-global-other.rs create mode 100644 tests/ui/consts/const-eval/heap/make-global-other.stderr create mode 100644 tests/ui/consts/const-eval/heap/make-global-twice.rs create mode 100644 tests/ui/consts/const-eval/heap/make-global-twice.stderr create mode 100644 tests/ui/consts/const-eval/heap/make-global.rs create mode 100644 tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs create mode 100644 tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr create mode 100644 tests/ui/consts/const-eval/heap/ptr_not_made_global.rs create mode 100644 tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr diff --git a/compiler/rustc_const_eval/messages.ftl b/compiler/rustc_const_eval/messages.ftl index b767ca9a3c251..0463788401189 100644 --- a/compiler/rustc_const_eval/messages.ftl +++ b/compiler/rustc_const_eval/messages.ftl @@ -56,6 +56,17 @@ const_eval_const_context = {$kind -> *[other] {""} } +const_eval_const_heap_ptr_in_final = encountered `const_allocate` pointer in final value that was not made global + .note = use `const_make_global` to make allocated pointers immutable before returning + +const_eval_const_make_global_ptr_already_made_global = attempting to call `const_make_global` twice on the same allocation {$alloc} + +const_eval_const_make_global_ptr_is_non_heap = pointer passed to `const_make_global` does not point to a heap allocation: {$ptr} + +const_eval_const_make_global_with_dangling_ptr = pointer passed to `const_make_global` is dangling: {$ptr} + +const_eval_const_make_global_with_offset = making {$ptr} global which does not point to the beginning of an object + const_eval_copy_nonoverlapping_overlapping = `copy_nonoverlapping` called on overlapping ranges diff --git a/compiler/rustc_const_eval/src/const_eval/error.rs b/compiler/rustc_const_eval/src/const_eval/error.rs index 08fc03d9c4647..5b07b7c13c1a2 100644 --- a/compiler/rustc_const_eval/src/const_eval/error.rs +++ b/compiler/rustc_const_eval/src/const_eval/error.rs @@ -2,7 +2,7 @@ use std::mem; use rustc_errors::{Diag, DiagArgName, DiagArgValue, DiagMessage, IntoDiagArg}; use rustc_middle::mir::AssertKind; -use rustc_middle::mir::interpret::{Provenance, ReportedErrorInfo}; +use rustc_middle::mir::interpret::{AllocId, Provenance, ReportedErrorInfo}; use rustc_middle::query::TyCtxtAt; use rustc_middle::ty::layout::LayoutError; use rustc_middle::ty::{ConstInt, TyCtxt}; @@ -22,8 +22,22 @@ pub enum ConstEvalErrKind { ModifiedGlobal, RecursiveStatic, AssertFailure(AssertKind), - Panic { msg: Symbol, line: u32, col: u32, file: Symbol }, + Panic { + msg: Symbol, + line: u32, + col: u32, + file: Symbol, + }, WriteThroughImmutablePointer, + /// Called `const_make_global` twice. + ConstMakeGlobalPtrAlreadyMadeGlobal(AllocId), + /// Called `const_make_global` on a non-heap pointer. + ConstMakeGlobalPtrIsNonHeap(String), + /// Called `const_make_global` on a dangling pointer. + ConstMakeGlobalWithDanglingPtr(String), + /// Called `const_make_global` on a pointer that does not start at the + /// beginning of an object. + ConstMakeGlobalWithOffset(String), } impl MachineStopType for ConstEvalErrKind { @@ -38,6 +52,12 @@ impl MachineStopType for ConstEvalErrKind { RecursiveStatic => const_eval_recursive_static, AssertFailure(x) => x.diagnostic_message(), WriteThroughImmutablePointer => const_eval_write_through_immutable_pointer, + ConstMakeGlobalPtrAlreadyMadeGlobal { .. } => { + const_eval_const_make_global_ptr_already_made_global + } + ConstMakeGlobalPtrIsNonHeap(_) => const_eval_const_make_global_ptr_is_non_heap, + ConstMakeGlobalWithDanglingPtr(_) => const_eval_const_make_global_with_dangling_ptr, + ConstMakeGlobalWithOffset(_) => const_eval_const_make_global_with_offset, } } fn add_args(self: Box, adder: &mut dyn FnMut(DiagArgName, DiagArgValue)) { @@ -51,6 +71,14 @@ impl MachineStopType for ConstEvalErrKind { Panic { msg, .. } => { adder("msg".into(), msg.into_diag_arg(&mut None)); } + ConstMakeGlobalPtrIsNonHeap(ptr) + | ConstMakeGlobalWithOffset(ptr) + | ConstMakeGlobalWithDanglingPtr(ptr) => { + adder("ptr".into(), ptr.into_diag_arg(&mut None)); + } + ConstMakeGlobalPtrAlreadyMadeGlobal(alloc) => { + adder("alloc".into(), alloc.into_diag_arg(&mut None)); + } } } } diff --git a/compiler/rustc_const_eval/src/const_eval/eval_queries.rs b/compiler/rustc_const_eval/src/const_eval/eval_queries.rs index 4bd4b49300900..32209ff436791 100644 --- a/compiler/rustc_const_eval/src/const_eval/eval_queries.rs +++ b/compiler/rustc_const_eval/src/const_eval/eval_queries.rs @@ -93,7 +93,7 @@ fn eval_body_using_ecx<'tcx, R: InterpretationResult<'tcx>>( // Since evaluation had no errors, validate the resulting constant. const_validate_mplace(ecx, &ret, cid)?; - // Only report this after validation, as validaiton produces much better diagnostics. + // Only report this after validation, as validation produces much better diagnostics. // FIXME: ensure validation always reports this and stop making interning care about it. match intern_result { diff --git a/compiler/rustc_const_eval/src/const_eval/machine.rs b/compiler/rustc_const_eval/src/const_eval/machine.rs index 52fc898192ade..4e952b043fbca 100644 --- a/compiler/rustc_const_eval/src/const_eval/machine.rs +++ b/compiler/rustc_const_eval/src/const_eval/machine.rs @@ -169,13 +169,15 @@ pub type CompileTimeInterpCx<'tcx> = InterpCx<'tcx, CompileTimeMachine<'tcx>>; #[derive(Debug, PartialEq, Eq, Copy, Clone)] pub enum MemoryKind { - Heap, + Heap { was_made_global: bool }, } impl fmt::Display for MemoryKind { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { - MemoryKind::Heap => write!(f, "heap allocation"), + MemoryKind::Heap { was_made_global } => { + write!(f, "heap allocation{}", if *was_made_global { " (made global)" } else { "" }) + } } } } @@ -184,7 +186,7 @@ impl interpret::MayLeak for MemoryKind { #[inline(always)] fn may_leak(self) -> bool { match self { - MemoryKind::Heap => false, + MemoryKind::Heap { was_made_global } => was_made_global, } } } @@ -420,7 +422,7 @@ impl<'tcx> interpret::Machine<'tcx> for CompileTimeMachine<'tcx> { let ptr = ecx.allocate_ptr( Size::from_bytes(size), align, - interpret::MemoryKind::Machine(MemoryKind::Heap), + interpret::MemoryKind::Machine(MemoryKind::Heap { was_made_global: false }), AllocInit::Uninit, )?; ecx.write_pointer(ptr, dest)?; @@ -453,10 +455,17 @@ impl<'tcx> interpret::Machine<'tcx> for CompileTimeMachine<'tcx> { ecx.deallocate_ptr( ptr, Some((size, align)), - interpret::MemoryKind::Machine(MemoryKind::Heap), + interpret::MemoryKind::Machine(MemoryKind::Heap { was_made_global: false }), )?; } } + + sym::const_make_global => { + let ptr = ecx.read_pointer(&args[0])?; + ecx.make_const_heap_ptr_global(ptr)?; + ecx.write_pointer(ptr, dest)?; + } + // The intrinsic represents whether the value is known to the optimizer (LLVM). // We're not doing any optimizations here, so there is no optimizer that could know the value. // (We know the value here in the machine of course, but this is the runtime of that code, diff --git a/compiler/rustc_const_eval/src/errors.rs b/compiler/rustc_const_eval/src/errors.rs index 49cd713874869..b6a64035261e5 100644 --- a/compiler/rustc_const_eval/src/errors.rs +++ b/compiler/rustc_const_eval/src/errors.rs @@ -43,6 +43,14 @@ pub(crate) struct MutablePtrInFinal { pub kind: InternKind, } +#[derive(Diagnostic)] +#[diag(const_eval_const_heap_ptr_in_final)] +#[note] +pub(crate) struct ConstHeapPtrInFinal { + #[primary_span] + pub span: Span, +} + #[derive(Diagnostic)] #[diag(const_eval_unstable_in_stable_exposed)] pub(crate) struct UnstableInStableExposed { diff --git a/compiler/rustc_const_eval/src/interpret/intern.rs b/compiler/rustc_const_eval/src/interpret/intern.rs index f0f958d069ee8..85524949053c9 100644 --- a/compiler/rustc_const_eval/src/interpret/intern.rs +++ b/compiler/rustc_const_eval/src/interpret/intern.rs @@ -31,7 +31,7 @@ use super::{ }; use crate::const_eval; use crate::const_eval::DummyMachine; -use crate::errors::NestedStaticInThreadLocal; +use crate::errors::{ConstHeapPtrInFinal, NestedStaticInThreadLocal}; pub trait CompileTimeMachine<'tcx, T> = Machine< 'tcx, @@ -55,6 +55,35 @@ impl HasStaticRootDefId for const_eval::CompileTimeMachine<'_> { } } +pub enum DisallowInternReason { + ConstHeap, +} + +/// A trait for controlling whether memory allocated in the interpreter can be interned. +/// +/// This prevents us from interning `const_allocate` pointers that have not been made +/// global through `const_make_global`. +pub trait CanIntern { + fn disallows_intern(&self) -> Option; +} + +impl CanIntern for const_eval::MemoryKind { + fn disallows_intern(&self) -> Option { + match self { + const_eval::MemoryKind::Heap { was_made_global: false } => { + Some(DisallowInternReason::ConstHeap) + } + const_eval::MemoryKind::Heap { was_made_global: true } => None, + } + } +} + +impl CanIntern for ! { + fn disallows_intern(&self) -> Option { + *self + } +} + /// Intern an allocation. Returns `Err` if the allocation does not exist in the local memory. /// /// `mutability` can be used to force immutable interning: if it is `Mutability::Not`, the @@ -62,7 +91,7 @@ impl HasStaticRootDefId for const_eval::CompileTimeMachine<'_> { /// already mutable (as a sanity check). /// /// Returns an iterator over all relocations referred to by this allocation. -fn intern_shallow<'tcx, T, M: CompileTimeMachine<'tcx, T>>( +fn intern_shallow<'tcx, T: CanIntern, M: CompileTimeMachine<'tcx, T>>( ecx: &mut InterpCx<'tcx, M>, alloc_id: AllocId, mutability: Mutability, @@ -71,9 +100,26 @@ fn intern_shallow<'tcx, T, M: CompileTimeMachine<'tcx, T>>( trace!("intern_shallow {:?}", alloc_id); // remove allocation // FIXME(#120456) - is `swap_remove` correct? - let Some((_kind, mut alloc)) = ecx.memory.alloc_map.swap_remove(&alloc_id) else { + let Some((kind, mut alloc)) = ecx.memory.alloc_map.swap_remove(&alloc_id) else { return Err(()); }; + + match kind { + MemoryKind::Machine(x) if let Some(reason) = x.disallows_intern() => match reason { + // attempting to intern a `const_allocate`d pointer that was not made global via + // `const_make_global`. We emit an error here but don't return an `Err`. The `Err` + // is for pointers that we can't intern at all (i.e. dangling pointers). We still + // (recursively) intern this pointer because we don't have to worry about the + // additional paperwork involved with _not_ interning it, such as storing it in + // the dead memory map and having to deal with additional "dangling pointer" + // messages if someone tries to store the non-made-global ptr in the final value. + DisallowInternReason::ConstHeap => { + ecx.tcx.dcx().emit_err(ConstHeapPtrInFinal { span: ecx.tcx.span }); + } + }, + MemoryKind::Machine(_) | MemoryKind::Stack | MemoryKind::CallerLocation => {} + } + // Set allocation mutability as appropriate. This is used by LLVM to put things into // read-only memory, and also by Miri when evaluating other globals that // access this one. @@ -99,7 +145,7 @@ fn intern_shallow<'tcx, T, M: CompileTimeMachine<'tcx, T>>( } else { ecx.tcx.set_alloc_id_memory(alloc_id, alloc); } - Ok(alloc.0.0.provenance().ptrs().iter().map(|&(_, prov)| prov)) + Ok(alloc.inner().provenance().ptrs().iter().map(|&(_, prov)| prov)) } /// Creates a new `DefId` and feeds all the right queries to make this `DefId` @@ -181,7 +227,7 @@ pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval } InternKind::Static(Mutability::Not) => { ( - // Outermost allocation is mutable if `!Freeze`. + // Outermost allocation is mutable if `!Freeze` i.e. contains interior mutable types. if ret.layout.ty.is_freeze(*ecx.tcx, ecx.typing_env) { Mutability::Not } else { @@ -321,7 +367,7 @@ pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval /// Intern `ret`. This function assumes that `ret` references no other allocation. #[instrument(level = "debug", skip(ecx))] -pub fn intern_const_alloc_for_constprop<'tcx, T, M: CompileTimeMachine<'tcx, T>>( +pub fn intern_const_alloc_for_constprop<'tcx, T: CanIntern, M: CompileTimeMachine<'tcx, T>>( ecx: &mut InterpCx<'tcx, M>, alloc_id: AllocId, ) -> InterpResult<'tcx, ()> { diff --git a/compiler/rustc_const_eval/src/interpret/memory.rs b/compiler/rustc_const_eval/src/interpret/memory.rs index 6414821e21d02..50578e13a7a86 100644 --- a/compiler/rustc_const_eval/src/interpret/memory.rs +++ b/compiler/rustc_const_eval/src/interpret/memory.rs @@ -26,6 +26,7 @@ use super::{ Misalignment, Pointer, PointerArithmetic, Provenance, Scalar, alloc_range, err_ub, err_ub_custom, interp_ok, throw_ub, throw_ub_custom, throw_unsup, throw_unsup_format, }; +use crate::const_eval::ConstEvalErrKind; use crate::fluent_generated as fluent; #[derive(Debug, PartialEq, Copy, Clone)] @@ -311,6 +312,49 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> { interp_ok(new_ptr) } + /// mark the `const_allocate`d pointer immutable so we can intern it. + pub fn make_const_heap_ptr_global( + &mut self, + ptr: Pointer>, + ) -> InterpResult<'tcx> + where + M: Machine<'tcx, MemoryKind = crate::const_eval::MemoryKind>, + { + let (alloc_id, offset, _) = self.ptr_get_alloc_id(ptr, 0)?; + if offset.bytes() != 0 { + return Err(ConstEvalErrKind::ConstMakeGlobalWithOffset(format!("{ptr:?}"))).into(); + } + + let not_local_heap = + matches!(self.tcx.try_get_global_alloc(alloc_id), Some(GlobalAlloc::Memory(_))); + + if not_local_heap { + return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(format!("{ptr:?}"))).into(); + } + + let (kind, alloc) = self.memory.alloc_map.get_mut_or(alloc_id, || { + Err(ConstEvalErrKind::ConstMakeGlobalWithDanglingPtr(format!("{ptr:?}"))) + })?; + + alloc.mutability = Mutability::Not; + + match kind { + MemoryKind::Stack | MemoryKind::CallerLocation => { + return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(format!("{ptr:?}"))) + .into(); + } + MemoryKind::Machine(crate::const_eval::MemoryKind::Heap { was_made_global }) => { + if *was_made_global { + return Err(ConstEvalErrKind::ConstMakeGlobalPtrAlreadyMadeGlobal(alloc_id)) + .into(); + } + *was_made_global = true; + } + } + + interp_ok(()) + } + #[instrument(skip(self), level = "debug")] pub fn deallocate_ptr( &mut self, diff --git a/compiler/rustc_const_eval/src/util/check_validity_requirement.rs b/compiler/rustc_const_eval/src/util/check_validity_requirement.rs index 4ca39bbc68ec2..1c2167a50fd26 100644 --- a/compiler/rustc_const_eval/src/util/check_validity_requirement.rs +++ b/compiler/rustc_const_eval/src/util/check_validity_requirement.rs @@ -52,9 +52,8 @@ fn check_validity_requirement_strict<'tcx>( let mut cx = InterpCx::new(cx.tcx(), DUMMY_SP, cx.typing_env, machine); - let allocated = cx - .allocate(ty, MemoryKind::Machine(crate::const_eval::MemoryKind::Heap)) - .expect("OOM: failed to allocate for uninit check"); + let allocated = + cx.allocate(ty, MemoryKind::Stack).expect("OOM: failed to allocate for uninit check"); if kind == ValidityRequirement::Zero { cx.write_bytes_ptr( @@ -185,7 +184,10 @@ pub(crate) fn validate_scalar_in_layout<'tcx>( bug!("could not compute layout of {scalar:?}:{ty:?}") }; let allocated = cx - .allocate(layout, MemoryKind::Machine(crate::const_eval::MemoryKind::Heap)) + .allocate( + layout, + MemoryKind::Machine(crate::const_eval::MemoryKind::Heap { was_made_global: false }), + ) .expect("OOM: failed to allocate for uninit check"); cx.write_scalar(scalar, &allocated).unwrap(); diff --git a/compiler/rustc_hir_analysis/src/check/intrinsic.rs b/compiler/rustc_hir_analysis/src/check/intrinsic.rs index dcab6ef1c5a5f..6e5fe3823ab51 100644 --- a/compiler/rustc_hir_analysis/src/check/intrinsic.rs +++ b/compiler/rustc_hir_analysis/src/check/intrinsic.rs @@ -422,6 +422,9 @@ pub(crate) fn check_intrinsic_type( vec![Ty::new_mut_ptr(tcx, tcx.types.u8), tcx.types.usize, tcx.types.usize], tcx.types.unit, ), + sym::const_make_global => { + (0, 0, vec![Ty::new_mut_ptr(tcx, tcx.types.u8)], Ty::new_imm_ptr(tcx, tcx.types.u8)) + } sym::ptr_offset_from => ( 1, diff --git a/compiler/rustc_middle/src/mir/interpret/error.rs b/compiler/rustc_middle/src/mir/interpret/error.rs index 71e0c943fbbb2..3e68afbfabd04 100644 --- a/compiler/rustc_middle/src/mir/interpret/error.rs +++ b/compiler/rustc_middle/src/mir/interpret/error.rs @@ -257,7 +257,7 @@ pub enum InvalidProgramInfo<'tcx> { /// Details of why a pointer had to be in-bounds. #[derive(Debug, Copy, Clone)] pub enum CheckInAllocMsg { - /// We are access memory. + /// We are accessing memory. MemoryAccess, /// We are doing pointer arithmetic. InboundsPointerArithmetic, diff --git a/compiler/rustc_span/src/symbol.rs b/compiler/rustc_span/src/symbol.rs index 8b12edf426c1b..599ef9aba2abb 100644 --- a/compiler/rustc_span/src/symbol.rs +++ b/compiler/rustc_span/src/symbol.rs @@ -715,6 +715,7 @@ symbols! { const_indexing, const_let, const_loop, + const_make_global, const_mut_refs, const_panic, const_panic_fmt, diff --git a/library/alloc/src/boxed/thin.rs b/library/alloc/src/boxed/thin.rs index 21425b9846e42..1cce36606d2c0 100644 --- a/library/alloc/src/boxed/thin.rs +++ b/library/alloc/src/boxed/thin.rs @@ -5,7 +5,7 @@ use core::error::Error; use core::fmt::{self, Debug, Display, Formatter}; #[cfg(not(no_global_oom_handling))] -use core::intrinsics::const_allocate; +use core::intrinsics::{const_allocate, const_make_global}; use core::marker::PhantomData; #[cfg(not(no_global_oom_handling))] use core::marker::Unsize; @@ -340,9 +340,10 @@ impl WithHeader { alloc.add(metadata_offset).cast(); // SAFETY: `*metadata_ptr` is within the allocation. metadata_ptr.write(ptr::metadata::(ptr::dangling::() as *const Dyn)); - + // SAFETY: valid heap allocation + const_make_global(alloc); // SAFETY: we have just written the metadata. - &*(metadata_ptr) + &*metadata_ptr } }; diff --git a/library/core/src/intrinsics/mod.rs b/library/core/src/intrinsics/mod.rs index c2e4b751c65f3..038c705d5b509 100644 --- a/library/core/src/intrinsics/mod.rs +++ b/library/core/src/intrinsics/mod.rs @@ -2533,6 +2533,15 @@ pub const unsafe fn const_deallocate(_ptr: *mut u8, _size: usize, _align: usize) // Runtime NOP } +#[rustc_const_unstable(feature = "const_heap", issue = "79597")] +#[rustc_nounwind] +#[rustc_intrinsic] +#[miri::intrinsic_fallback_is_spec] +pub const unsafe fn const_make_global(ptr: *mut u8) -> *const u8 { + // const eval overrides this function; at runtime, it is a NOP. + ptr +} + /// Returns whether we should perform contract-checking at runtime. /// /// This is meant to be similar to the ub_checks intrinsic, in terms diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs b/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs index 83ed496ac2c25..fa49990abfd81 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs @@ -8,11 +8,11 @@ const FOO_RAW: *const i32 = foo(); const fn foo() -> &'static i32 { let t = unsafe { - let i = intrinsics::const_allocate(4, 4) as * mut i32; + let i = intrinsics::const_allocate(4, 4) as *mut i32; *i = 20; i }; - unsafe { &*t } + unsafe { &*(intrinsics::const_make_global(t as *mut u8) as *mut i32) } } fn main() { assert_eq!(*FOO, 20); diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.32bit.stderr b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.32bit.stderr index 11ed0841a0039..a8c7ee93971ec 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.32bit.stderr +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.32bit.stderr @@ -1,7 +1,7 @@ error[E0080]: constructing invalid value at .: encountered uninitialized memory, but expected an integer --> $DIR/alloc_intrinsic_uninit.rs:7:1 | -LL | const BAR: &i32 = unsafe { &*(intrinsics::const_allocate(4, 4) as *mut i32) }; +LL | const BAR: &i32 = unsafe { | ^^^^^^^^^^^^^^^ it is undefined behavior to use this value | = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.64bit.stderr b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.64bit.stderr index 691bde87d2f21..47e1c22cc2c12 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.64bit.stderr +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.64bit.stderr @@ -1,7 +1,7 @@ error[E0080]: constructing invalid value at .: encountered uninitialized memory, but expected an integer --> $DIR/alloc_intrinsic_uninit.rs:7:1 | -LL | const BAR: &i32 = unsafe { &*(intrinsics::const_allocate(4, 4) as *mut i32) }; +LL | const BAR: &i32 = unsafe { | ^^^^^^^^^^^^^^^ it is undefined behavior to use this value | = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs index ffc35ca1ddceb..2736cdeed8c8c 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs @@ -4,6 +4,7 @@ #![feature(const_heap)] use std::intrinsics; -const BAR: &i32 = unsafe { &*(intrinsics::const_allocate(4, 4) as *mut i32) }; -//~^ ERROR: uninitialized memory +const BAR: &i32 = unsafe { //~ ERROR: uninitialized memory + &*(intrinsics::const_make_global(intrinsics::const_allocate(4, 4)) as *mut i32) +}; fn main() {} diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.rs b/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.rs index 26cb69e458b61..201fa71502298 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.rs +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.rs @@ -7,5 +7,6 @@ use std::intrinsics; const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; //~^ error: mutable pointer in final value of constant +//~| error: encountered `const_allocate` pointer in final value that was not made global fn main() {} diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.stderr b/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.stderr index 0dc49dc3cd864..e69d27e48c815 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.stderr +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.stderr @@ -1,8 +1,16 @@ +error: encountered `const_allocate` pointer in final value that was not made global + --> $DIR/alloc_intrinsic_untyped.rs:8:1 + | +LL | const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; + | ^^^^^^^^^^^^^^^^^^^ + | + = note: use `const_make_global` to make allocated pointers immutable before returning + error: encountered mutable pointer in final value of constant --> $DIR/alloc_intrinsic_untyped.rs:8:1 | LL | const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; | ^^^^^^^^^^^^^^^^^^^ -error: aborting due to 1 previous error +error: aborting due to 2 previous errors diff --git a/tests/ui/consts/const-eval/heap/dealloc_intrinsic.rs b/tests/ui/consts/const-eval/heap/dealloc_intrinsic.rs index 3cc035c66d33f..515e12d2b7715 100644 --- a/tests/ui/consts/const-eval/heap/dealloc_intrinsic.rs +++ b/tests/ui/consts/const-eval/heap/dealloc_intrinsic.rs @@ -12,7 +12,7 @@ const _X: () = unsafe { const Y: &u32 = unsafe { let ptr = intrinsics::const_allocate(4, 4) as *mut u32; *ptr = 42; - &*ptr + &*(intrinsics::const_make_global(ptr as *mut u8) as *const u32) }; const Z: &u32 = &42; diff --git a/tests/ui/consts/const-eval/heap/make-global-dangling.rs b/tests/ui/consts/const-eval/heap/make-global-dangling.rs new file mode 100644 index 0000000000000..4099e6e13ed87 --- /dev/null +++ b/tests/ui/consts/const-eval/heap/make-global-dangling.rs @@ -0,0 +1,16 @@ +#![feature(core_intrinsics)] +#![feature(const_heap)] + +use std::intrinsics; + +const Y: &u32 = unsafe { + &*(intrinsics::const_make_global(std::ptr::null_mut()) as *const u32) + //~^ error: pointer not dereferenceable +}; + +const Z: &u32 = unsafe { + &*(intrinsics::const_make_global(std::ptr::dangling_mut()) as *const u32) + //~^ error: pointer not dereferenceable +}; + +fn main() {} diff --git a/tests/ui/consts/const-eval/heap/make-global-dangling.stderr b/tests/ui/consts/const-eval/heap/make-global-dangling.stderr new file mode 100644 index 0000000000000..4a5f59b985513 --- /dev/null +++ b/tests/ui/consts/const-eval/heap/make-global-dangling.stderr @@ -0,0 +1,15 @@ +error[E0080]: pointer not dereferenceable: pointer must point to some allocation, but got null pointer + --> $DIR/make-global-dangling.rs:7:8 + | +LL | &*(intrinsics::const_make_global(std::ptr::null_mut()) as *const u32) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Y` failed here + +error[E0080]: pointer not dereferenceable: pointer must point to some allocation, but got 0x1[noalloc] which is a dangling pointer (it has no provenance) + --> $DIR/make-global-dangling.rs:12:8 + | +LL | &*(intrinsics::const_make_global(std::ptr::dangling_mut()) as *const u32) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Z` failed here + +error: aborting due to 2 previous errors + +For more information about this error, try `rustc --explain E0080`. diff --git a/tests/ui/consts/const-eval/heap/make-global-other.rs b/tests/ui/consts/const-eval/heap/make-global-other.rs new file mode 100644 index 0000000000000..dd5d27cc968cb --- /dev/null +++ b/tests/ui/consts/const-eval/heap/make-global-other.rs @@ -0,0 +1,13 @@ +#![feature(core_intrinsics)] +#![feature(const_heap)] + +use std::intrinsics; + +const X: &i32 = &0; + +const Y: &i32 = unsafe { + &*(intrinsics::const_make_global(X as *const i32 as *mut u8) as *const i32) + //~^ error: pointer passed to `const_make_global` does not point to a heap allocation: ALLOC0 +}; + +fn main() {} diff --git a/tests/ui/consts/const-eval/heap/make-global-other.stderr b/tests/ui/consts/const-eval/heap/make-global-other.stderr new file mode 100644 index 0000000000000..572230afe3b4c --- /dev/null +++ b/tests/ui/consts/const-eval/heap/make-global-other.stderr @@ -0,0 +1,9 @@ +error[E0080]: pointer passed to `const_make_global` does not point to a heap allocation: ALLOC0 + --> $DIR/make-global-other.rs:9:8 + | +LL | &*(intrinsics::const_make_global(X as *const i32 as *mut u8) as *const i32) + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Y` failed here + +error: aborting due to 1 previous error + +For more information about this error, try `rustc --explain E0080`. diff --git a/tests/ui/consts/const-eval/heap/make-global-twice.rs b/tests/ui/consts/const-eval/heap/make-global-twice.rs new file mode 100644 index 0000000000000..36d779ad034a2 --- /dev/null +++ b/tests/ui/consts/const-eval/heap/make-global-twice.rs @@ -0,0 +1,16 @@ +#![feature(core_intrinsics)] +#![feature(const_heap)] + +use std::intrinsics; + +const Y: &i32 = unsafe { + let ptr = intrinsics::const_allocate(4, 4); + let i = ptr as *mut i32; + *i = 20; + intrinsics::const_make_global(ptr); + intrinsics::const_make_global(ptr); + //~^ error: attempting to call `const_make_global` twice on the same allocation ALLOC0 + &*i +}; + +fn main() {} diff --git a/tests/ui/consts/const-eval/heap/make-global-twice.stderr b/tests/ui/consts/const-eval/heap/make-global-twice.stderr new file mode 100644 index 0000000000000..35d2385d9e07f --- /dev/null +++ b/tests/ui/consts/const-eval/heap/make-global-twice.stderr @@ -0,0 +1,9 @@ +error[E0080]: attempting to call `const_make_global` twice on the same allocation ALLOC0 + --> $DIR/make-global-twice.rs:11:5 + | +LL | intrinsics::const_make_global(ptr); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Y` failed here + +error: aborting due to 1 previous error + +For more information about this error, try `rustc --explain E0080`. diff --git a/tests/ui/consts/const-eval/heap/make-global.rs b/tests/ui/consts/const-eval/heap/make-global.rs new file mode 100644 index 0000000000000..b26fe2434ab8b --- /dev/null +++ b/tests/ui/consts/const-eval/heap/make-global.rs @@ -0,0 +1,21 @@ +//@ run-pass +#![feature(core_intrinsics)] +#![feature(const_heap)] +use std::intrinsics; + +const FOO: &i32 = foo(); +const FOO_RAW: *const i32 = foo(); + +const fn foo() -> &'static i32 { + unsafe { + let ptr = intrinsics::const_allocate(4, 4); + let t = ptr as *mut i32; + *t = 20; + intrinsics::const_make_global(ptr); + &*t + } +} +fn main() { + assert_eq!(*FOO, 20); + assert_eq!(unsafe { *FOO_RAW }, 20); +} diff --git a/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs new file mode 100644 index 0000000000000..75f2d87d4d05d --- /dev/null +++ b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs @@ -0,0 +1,14 @@ +#![feature(core_intrinsics)] +#![feature(const_heap)] +use std::intrinsics; + +const A: &u8 = unsafe { + let ptr = intrinsics::const_allocate(1, 1); + *ptr = 1; + let ptr: *const u8 = intrinsics::const_make_global(ptr); + *(ptr as *mut u8) = 2; + //~^ error: writing to ALLOC0 which is read-only + &*ptr +}; + +fn main() {} diff --git a/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr new file mode 100644 index 0000000000000..15af44b74d511 --- /dev/null +++ b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr @@ -0,0 +1,9 @@ +error[E0080]: writing to ALLOC0 which is read-only + --> $DIR/ptr_made_global_mutated.rs:9:5 + | +LL | *(ptr as *mut u8) = 2; + | ^^^^^^^^^^^^^^^^^^^^^ evaluation of `A` failed here + +error: aborting due to 1 previous error + +For more information about this error, try `rustc --explain E0080`. diff --git a/tests/ui/consts/const-eval/heap/ptr_not_made_global.rs b/tests/ui/consts/const-eval/heap/ptr_not_made_global.rs new file mode 100644 index 0000000000000..4b0499d41065f --- /dev/null +++ b/tests/ui/consts/const-eval/heap/ptr_not_made_global.rs @@ -0,0 +1,19 @@ +#![feature(core_intrinsics)] +#![feature(const_heap)] +use std::intrinsics; + +const FOO: &i32 = foo(); +//~^ error: encountered `const_allocate` pointer in final value that was not made global +const FOO_RAW: *const i32 = foo(); +//~^ error: encountered `const_allocate` pointer in final value that was not made global + +const fn foo() -> &'static i32 { + let t = unsafe { + let i = intrinsics::const_allocate(4, 4) as *mut i32; + *i = 20; + i + }; + unsafe { &*t } +} + +fn main() {} diff --git a/tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr b/tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr new file mode 100644 index 0000000000000..569a8be3e8ced --- /dev/null +++ b/tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr @@ -0,0 +1,18 @@ +error: encountered `const_allocate` pointer in final value that was not made global + --> $DIR/ptr_not_made_global.rs:5:1 + | +LL | const FOO: &i32 = foo(); + | ^^^^^^^^^^^^^^^ + | + = note: use `const_make_global` to make allocated pointers immutable before returning + +error: encountered `const_allocate` pointer in final value that was not made global + --> $DIR/ptr_not_made_global.rs:7:1 + | +LL | const FOO_RAW: *const i32 = foo(); + | ^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: use `const_make_global` to make allocated pointers immutable before returning + +error: aborting due to 2 previous errors + From 44b38ca45edc4bd826f4ef5e3fb2221cbd1649cd Mon Sep 17 00:00:00 2001 From: Deadbeef Date: Thu, 10 Jul 2025 17:54:55 +0800 Subject: [PATCH 2/5] format pointer later instead of eagerly converting to string --- .../rustc_const_eval/src/const_eval/error.rs | 12 ++++++------ .../rustc_const_eval/src/interpret/memory.rs | 18 +++++++++--------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/compiler/rustc_const_eval/src/const_eval/error.rs b/compiler/rustc_const_eval/src/const_eval/error.rs index 5b07b7c13c1a2..3e880d0200133 100644 --- a/compiler/rustc_const_eval/src/const_eval/error.rs +++ b/compiler/rustc_const_eval/src/const_eval/error.rs @@ -11,8 +11,8 @@ use rustc_span::{Span, Symbol}; use super::CompileTimeMachine; use crate::errors::{self, FrameNote, ReportErrorExt}; use crate::interpret::{ - ErrorHandled, Frame, InterpErrorInfo, InterpErrorKind, MachineStopType, err_inval, - err_machine_stop, + CtfeProvenance, ErrorHandled, Frame, InterpErrorInfo, InterpErrorKind, MachineStopType, + Pointer, err_inval, err_machine_stop, }; /// The CTFE machine has some custom error kinds. @@ -32,12 +32,12 @@ pub enum ConstEvalErrKind { /// Called `const_make_global` twice. ConstMakeGlobalPtrAlreadyMadeGlobal(AllocId), /// Called `const_make_global` on a non-heap pointer. - ConstMakeGlobalPtrIsNonHeap(String), + ConstMakeGlobalPtrIsNonHeap(Pointer>), /// Called `const_make_global` on a dangling pointer. - ConstMakeGlobalWithDanglingPtr(String), + ConstMakeGlobalWithDanglingPtr(Pointer>), /// Called `const_make_global` on a pointer that does not start at the /// beginning of an object. - ConstMakeGlobalWithOffset(String), + ConstMakeGlobalWithOffset(Pointer>), } impl MachineStopType for ConstEvalErrKind { @@ -74,7 +74,7 @@ impl MachineStopType for ConstEvalErrKind { ConstMakeGlobalPtrIsNonHeap(ptr) | ConstMakeGlobalWithOffset(ptr) | ConstMakeGlobalWithDanglingPtr(ptr) => { - adder("ptr".into(), ptr.into_diag_arg(&mut None)); + adder("ptr".into(), format!("{ptr:?}").into_diag_arg(&mut None)); } ConstMakeGlobalPtrAlreadyMadeGlobal(alloc) => { adder("alloc".into(), alloc.into_diag_arg(&mut None)); diff --git a/compiler/rustc_const_eval/src/interpret/memory.rs b/compiler/rustc_const_eval/src/interpret/memory.rs index 50578e13a7a86..08682dd193d16 100644 --- a/compiler/rustc_const_eval/src/interpret/memory.rs +++ b/compiler/rustc_const_eval/src/interpret/memory.rs @@ -315,33 +315,33 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> { /// mark the `const_allocate`d pointer immutable so we can intern it. pub fn make_const_heap_ptr_global( &mut self, - ptr: Pointer>, + ptr: Pointer>, ) -> InterpResult<'tcx> where - M: Machine<'tcx, MemoryKind = crate::const_eval::MemoryKind>, + M: Machine<'tcx, MemoryKind = crate::const_eval::MemoryKind, Provenance = CtfeProvenance>, { let (alloc_id, offset, _) = self.ptr_get_alloc_id(ptr, 0)?; if offset.bytes() != 0 { - return Err(ConstEvalErrKind::ConstMakeGlobalWithOffset(format!("{ptr:?}"))).into(); + return Err(ConstEvalErrKind::ConstMakeGlobalWithOffset(ptr)).into(); } let not_local_heap = matches!(self.tcx.try_get_global_alloc(alloc_id), Some(GlobalAlloc::Memory(_))); if not_local_heap { - return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(format!("{ptr:?}"))).into(); + return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(ptr)).into(); } - let (kind, alloc) = self.memory.alloc_map.get_mut_or(alloc_id, || { - Err(ConstEvalErrKind::ConstMakeGlobalWithDanglingPtr(format!("{ptr:?}"))) - })?; + let (kind, alloc) = self + .memory + .alloc_map + .get_mut_or(alloc_id, || Err(ConstEvalErrKind::ConstMakeGlobalWithDanglingPtr(ptr)))?; alloc.mutability = Mutability::Not; match kind { MemoryKind::Stack | MemoryKind::CallerLocation => { - return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(format!("{ptr:?}"))) - .into(); + return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(ptr)).into(); } MemoryKind::Machine(crate::const_eval::MemoryKind::Heap { was_made_global }) => { if *was_made_global { From fd48b7b8dd911229b635f7969e6213b5af337b7d Mon Sep 17 00:00:00 2001 From: Deadbeef Date: Sun, 13 Jul 2025 15:11:31 +0800 Subject: [PATCH 3/5] Comment more code and make tests clearer Co-Authored-By: Ralf Jung --- .../rustc_const_eval/src/const_eval/machine.rs | 6 +++++- .../rustc_const_eval/src/interpret/intern.rs | 13 ++++++------- .../rustc_const_eval/src/interpret/memory.rs | 16 +++++++++------- .../src/util/check_validity_requirement.rs | 11 +++++------ .../heap/alloc_intrinsic_nontransient.rs | 2 +- .../const-eval/heap/alloc_intrinsic_uninit.rs | 3 ++- .../const-eval/heap/make-global-dangling.rs | 2 ++ .../const-eval/heap/make-global-dangling.stderr | 4 ++-- .../consts/const-eval/heap/make-global-other.rs | 2 ++ .../const-eval/heap/make-global-other.stderr | 2 +- .../consts/const-eval/heap/make-global-twice.rs | 2 ++ .../const-eval/heap/make-global-twice.stderr | 2 +- .../const-eval/heap/ptr_made_global_mutated.rs | 1 + .../heap/ptr_made_global_mutated.stderr | 2 +- .../const-eval/heap/ptr_not_made_global.rs | 5 +++++ .../const-eval/heap/ptr_not_made_global.stderr | 4 ++-- ...sic_untyped.rs => ptr_not_made_global_mut.rs} | 0 ...ped.stderr => ptr_not_made_global_mut.stderr} | 4 ++-- 18 files changed, 49 insertions(+), 32 deletions(-) rename tests/ui/consts/const-eval/heap/{alloc_intrinsic_untyped.rs => ptr_not_made_global_mut.rs} (100%) rename tests/ui/consts/const-eval/heap/{alloc_intrinsic_untyped.stderr => ptr_not_made_global_mut.stderr} (85%) diff --git a/compiler/rustc_const_eval/src/const_eval/machine.rs b/compiler/rustc_const_eval/src/const_eval/machine.rs index 4e952b043fbca..0a6bdef2225ed 100644 --- a/compiler/rustc_const_eval/src/const_eval/machine.rs +++ b/compiler/rustc_const_eval/src/const_eval/machine.rs @@ -169,7 +169,11 @@ pub type CompileTimeInterpCx<'tcx> = InterpCx<'tcx, CompileTimeMachine<'tcx>>; #[derive(Debug, PartialEq, Eq, Copy, Clone)] pub enum MemoryKind { - Heap { was_made_global: bool }, + Heap { + /// Indicates whether `make_global` was called on this allocation. + /// If this is `true`, the allocation must be immutable. + was_made_global: bool, + }, } impl fmt::Display for MemoryKind { diff --git a/compiler/rustc_const_eval/src/interpret/intern.rs b/compiler/rustc_const_eval/src/interpret/intern.rs index 85524949053c9..b8fcdc9b7ef03 100644 --- a/compiler/rustc_const_eval/src/interpret/intern.rs +++ b/compiler/rustc_const_eval/src/interpret/intern.rs @@ -106,13 +106,12 @@ fn intern_shallow<'tcx, T: CanIntern, M: CompileTimeMachine<'tcx, T>>( match kind { MemoryKind::Machine(x) if let Some(reason) = x.disallows_intern() => match reason { - // attempting to intern a `const_allocate`d pointer that was not made global via - // `const_make_global`. We emit an error here but don't return an `Err`. The `Err` - // is for pointers that we can't intern at all (i.e. dangling pointers). We still - // (recursively) intern this pointer because we don't have to worry about the - // additional paperwork involved with _not_ interning it, such as storing it in - // the dead memory map and having to deal with additional "dangling pointer" - // messages if someone tries to store the non-made-global ptr in the final value. + // Attempting to intern a `const_allocate`d pointer that was not made global via + // `const_make_global`. This is an error, but if we return `Err` now, things + // become inconsistent because we already removed the allocation from `alloc_map`. + // So instead we just emit an error and then continue interning as usual. + // We *could* do this check before removing the allocation from `alloc_map`, but then + // it would be much harder to ensure that we only error once for each allocation. DisallowInternReason::ConstHeap => { ecx.tcx.dcx().emit_err(ConstHeapPtrInFinal { span: ecx.tcx.span }); } diff --git a/compiler/rustc_const_eval/src/interpret/memory.rs b/compiler/rustc_const_eval/src/interpret/memory.rs index 08682dd193d16..5f9f43a320b59 100644 --- a/compiler/rustc_const_eval/src/interpret/memory.rs +++ b/compiler/rustc_const_eval/src/interpret/memory.rs @@ -312,7 +312,7 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> { interp_ok(new_ptr) } - /// mark the `const_allocate`d pointer immutable so we can intern it. + /// Mark the `const_allocate`d allocation `ptr` points to as immutable so we can intern it. pub fn make_const_heap_ptr_global( &mut self, ptr: Pointer>, @@ -325,20 +325,19 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> { return Err(ConstEvalErrKind::ConstMakeGlobalWithOffset(ptr)).into(); } - let not_local_heap = - matches!(self.tcx.try_get_global_alloc(alloc_id), Some(GlobalAlloc::Memory(_))); - - if not_local_heap { + if matches!(self.tcx.try_get_global_alloc(alloc_id), Some(_)) { + // This points to something outside the current interpreter. return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(ptr)).into(); } + // If we can't find it in `alloc_map` it must be dangling (because we don't use + // `extra_fn_ptr_map` in const-eval). let (kind, alloc) = self .memory .alloc_map .get_mut_or(alloc_id, || Err(ConstEvalErrKind::ConstMakeGlobalWithDanglingPtr(ptr)))?; - alloc.mutability = Mutability::Not; - + // Ensure this is actually a *heap* allocation, and record it as made-global. match kind { MemoryKind::Stack | MemoryKind::CallerLocation => { return Err(ConstEvalErrKind::ConstMakeGlobalPtrIsNonHeap(ptr)).into(); @@ -352,6 +351,9 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> { } } + // Prevent further mutation, this is now an immutable global. + alloc.mutability = Mutability::Not; + interp_ok(()) } diff --git a/compiler/rustc_const_eval/src/util/check_validity_requirement.rs b/compiler/rustc_const_eval/src/util/check_validity_requirement.rs index 1c2167a50fd26..b1f2959875051 100644 --- a/compiler/rustc_const_eval/src/util/check_validity_requirement.rs +++ b/compiler/rustc_const_eval/src/util/check_validity_requirement.rs @@ -52,6 +52,7 @@ fn check_validity_requirement_strict<'tcx>( let mut cx = InterpCx::new(cx.tcx(), DUMMY_SP, cx.typing_env, machine); + // It doesn't really matter which `MemoryKind` we use here, `Stack` is the least wrong. let allocated = cx.allocate(ty, MemoryKind::Stack).expect("OOM: failed to allocate for uninit check"); @@ -183,12 +184,10 @@ pub(crate) fn validate_scalar_in_layout<'tcx>( let Ok(layout) = cx.layout_of(ty) else { bug!("could not compute layout of {scalar:?}:{ty:?}") }; - let allocated = cx - .allocate( - layout, - MemoryKind::Machine(crate::const_eval::MemoryKind::Heap { was_made_global: false }), - ) - .expect("OOM: failed to allocate for uninit check"); + + // It doesn't really matter which `MemoryKind` we use here, `Stack` is the least wrong. + let allocated = + cx.allocate(layout, MemoryKind::Stack).expect("OOM: failed to allocate for uninit check"); cx.write_scalar(scalar, &allocated).unwrap(); diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs b/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs index fa49990abfd81..af24e463b5059 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_nontransient.rs @@ -12,7 +12,7 @@ const fn foo() -> &'static i32 { *i = 20; i }; - unsafe { &*(intrinsics::const_make_global(t as *mut u8) as *mut i32) } + unsafe { &*(intrinsics::const_make_global(t as *mut u8) as *const i32) } } fn main() { assert_eq!(*FOO, 20); diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs index 2736cdeed8c8c..c54115de2045d 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs +++ b/tests/ui/consts/const-eval/heap/alloc_intrinsic_uninit.rs @@ -5,6 +5,7 @@ use std::intrinsics; const BAR: &i32 = unsafe { //~ ERROR: uninitialized memory - &*(intrinsics::const_make_global(intrinsics::const_allocate(4, 4)) as *mut i32) + // Make the pointer immutable to avoid errors related to mutable pointers in constants. + &*(intrinsics::const_make_global(intrinsics::const_allocate(4, 4)) as *const i32) }; fn main() {} diff --git a/tests/ui/consts/const-eval/heap/make-global-dangling.rs b/tests/ui/consts/const-eval/heap/make-global-dangling.rs index 4099e6e13ed87..f4c5929bc416d 100644 --- a/tests/ui/consts/const-eval/heap/make-global-dangling.rs +++ b/tests/ui/consts/const-eval/heap/make-global-dangling.rs @@ -1,3 +1,5 @@ +// Ensure that we can't call `const_make_global` on dangling pointers. + #![feature(core_intrinsics)] #![feature(const_heap)] diff --git a/tests/ui/consts/const-eval/heap/make-global-dangling.stderr b/tests/ui/consts/const-eval/heap/make-global-dangling.stderr index 4a5f59b985513..48c2796d0bf21 100644 --- a/tests/ui/consts/const-eval/heap/make-global-dangling.stderr +++ b/tests/ui/consts/const-eval/heap/make-global-dangling.stderr @@ -1,11 +1,11 @@ error[E0080]: pointer not dereferenceable: pointer must point to some allocation, but got null pointer - --> $DIR/make-global-dangling.rs:7:8 + --> $DIR/make-global-dangling.rs:9:8 | LL | &*(intrinsics::const_make_global(std::ptr::null_mut()) as *const u32) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Y` failed here error[E0080]: pointer not dereferenceable: pointer must point to some allocation, but got 0x1[noalloc] which is a dangling pointer (it has no provenance) - --> $DIR/make-global-dangling.rs:12:8 + --> $DIR/make-global-dangling.rs:14:8 | LL | &*(intrinsics::const_make_global(std::ptr::dangling_mut()) as *const u32) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Z` failed here diff --git a/tests/ui/consts/const-eval/heap/make-global-other.rs b/tests/ui/consts/const-eval/heap/make-global-other.rs index dd5d27cc968cb..4e2a59de13edc 100644 --- a/tests/ui/consts/const-eval/heap/make-global-other.rs +++ b/tests/ui/consts/const-eval/heap/make-global-other.rs @@ -1,3 +1,5 @@ +// Ensure that we can't call `const_make_global` on pointers not in the current interpreter. + #![feature(core_intrinsics)] #![feature(const_heap)] diff --git a/tests/ui/consts/const-eval/heap/make-global-other.stderr b/tests/ui/consts/const-eval/heap/make-global-other.stderr index 572230afe3b4c..ed0d768cf379f 100644 --- a/tests/ui/consts/const-eval/heap/make-global-other.stderr +++ b/tests/ui/consts/const-eval/heap/make-global-other.stderr @@ -1,5 +1,5 @@ error[E0080]: pointer passed to `const_make_global` does not point to a heap allocation: ALLOC0 - --> $DIR/make-global-other.rs:9:8 + --> $DIR/make-global-other.rs:11:8 | LL | &*(intrinsics::const_make_global(X as *const i32 as *mut u8) as *const i32) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Y` failed here diff --git a/tests/ui/consts/const-eval/heap/make-global-twice.rs b/tests/ui/consts/const-eval/heap/make-global-twice.rs index 36d779ad034a2..0cd617cea3e6e 100644 --- a/tests/ui/consts/const-eval/heap/make-global-twice.rs +++ b/tests/ui/consts/const-eval/heap/make-global-twice.rs @@ -1,3 +1,5 @@ +// Ensure that we can't call `const_make_global` twice. + #![feature(core_intrinsics)] #![feature(const_heap)] diff --git a/tests/ui/consts/const-eval/heap/make-global-twice.stderr b/tests/ui/consts/const-eval/heap/make-global-twice.stderr index 35d2385d9e07f..95cdb9694d8b9 100644 --- a/tests/ui/consts/const-eval/heap/make-global-twice.stderr +++ b/tests/ui/consts/const-eval/heap/make-global-twice.stderr @@ -1,5 +1,5 @@ error[E0080]: attempting to call `const_make_global` twice on the same allocation ALLOC0 - --> $DIR/make-global-twice.rs:11:5 + --> $DIR/make-global-twice.rs:13:5 | LL | intrinsics::const_make_global(ptr); | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `Y` failed here diff --git a/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs index 75f2d87d4d05d..bea2a5949c261 100644 --- a/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs +++ b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.rs @@ -1,3 +1,4 @@ +// Ensure that once an allocation is "made global", we can no longer mutate it. #![feature(core_intrinsics)] #![feature(const_heap)] use std::intrinsics; diff --git a/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr index 15af44b74d511..0e88ea77d1ca0 100644 --- a/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr +++ b/tests/ui/consts/const-eval/heap/ptr_made_global_mutated.stderr @@ -1,5 +1,5 @@ error[E0080]: writing to ALLOC0 which is read-only - --> $DIR/ptr_made_global_mutated.rs:9:5 + --> $DIR/ptr_made_global_mutated.rs:10:5 | LL | *(ptr as *mut u8) = 2; | ^^^^^^^^^^^^^^^^^^^^^ evaluation of `A` failed here diff --git a/tests/ui/consts/const-eval/heap/ptr_not_made_global.rs b/tests/ui/consts/const-eval/heap/ptr_not_made_global.rs index 4b0499d41065f..6980e92c21896 100644 --- a/tests/ui/consts/const-eval/heap/ptr_not_made_global.rs +++ b/tests/ui/consts/const-eval/heap/ptr_not_made_global.rs @@ -1,3 +1,8 @@ +// Ensure that we reject interning `const_allocate`d allocations in the final value of constants +// if they have not been made global through `const_make_global`. The pointers are made *immutable* +// to focus the test on the missing `make_global`; `ptr_not_made_global_mut.rs` covers the case +// where the pointer remains mutable. + #![feature(core_intrinsics)] #![feature(const_heap)] use std::intrinsics; diff --git a/tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr b/tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr index 569a8be3e8ced..cb2bb1e8cd852 100644 --- a/tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr +++ b/tests/ui/consts/const-eval/heap/ptr_not_made_global.stderr @@ -1,5 +1,5 @@ error: encountered `const_allocate` pointer in final value that was not made global - --> $DIR/ptr_not_made_global.rs:5:1 + --> $DIR/ptr_not_made_global.rs:10:1 | LL | const FOO: &i32 = foo(); | ^^^^^^^^^^^^^^^ @@ -7,7 +7,7 @@ LL | const FOO: &i32 = foo(); = note: use `const_make_global` to make allocated pointers immutable before returning error: encountered `const_allocate` pointer in final value that was not made global - --> $DIR/ptr_not_made_global.rs:7:1 + --> $DIR/ptr_not_made_global.rs:12:1 | LL | const FOO_RAW: *const i32 = foo(); | ^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.rs b/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.rs similarity index 100% rename from tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.rs rename to tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.rs diff --git a/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.stderr b/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.stderr similarity index 85% rename from tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.stderr rename to tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.stderr index e69d27e48c815..eae79d24797a9 100644 --- a/tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.stderr +++ b/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.stderr @@ -1,5 +1,5 @@ error: encountered `const_allocate` pointer in final value that was not made global - --> $DIR/alloc_intrinsic_untyped.rs:8:1 + --> $DIR/ptr_not_made_global_mut.rs:8:1 | LL | const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; | ^^^^^^^^^^^^^^^^^^^ @@ -7,7 +7,7 @@ LL | const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 = note: use `const_make_global` to make allocated pointers immutable before returning error: encountered mutable pointer in final value of constant - --> $DIR/alloc_intrinsic_untyped.rs:8:1 + --> $DIR/ptr_not_made_global_mut.rs:8:1 | LL | const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; | ^^^^^^^^^^^^^^^^^^^ From 8f854d9cb2d108a2d4f980ccb4d5909e214e6ef0 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Wed, 16 Jul 2025 15:11:11 +0200 Subject: [PATCH 4/5] const heap: fix ICE on forgotten make_global --- .../src/const_eval/eval_queries.rs | 11 ++- .../rustc_const_eval/src/interpret/intern.rs | 74 +++++++++---------- .../rustc_const_eval/src/interpret/mod.rs | 2 +- .../src/interpret/validity.rs | 10 ++- tests/crashes/const_mut_ref_check_bypass.rs | 11 --- .../heap/ptr_not_made_global_mut.rs | 9 +-- .../heap/ptr_not_made_global_mut.stderr | 8 +- 7 files changed, 58 insertions(+), 67 deletions(-) delete mode 100644 tests/crashes/const_mut_ref_check_bypass.rs diff --git a/compiler/rustc_const_eval/src/const_eval/eval_queries.rs b/compiler/rustc_const_eval/src/const_eval/eval_queries.rs index 32209ff436791..ce72d59b8b0e4 100644 --- a/compiler/rustc_const_eval/src/const_eval/eval_queries.rs +++ b/compiler/rustc_const_eval/src/const_eval/eval_queries.rs @@ -18,7 +18,7 @@ use tracing::{debug, instrument, trace}; use super::{CanAccessMutGlobal, CompileTimeInterpCx, CompileTimeMachine}; use crate::const_eval::CheckAlignment; use crate::interpret::{ - CtfeValidationMode, GlobalId, Immediate, InternKind, InternResult, InterpCx, InterpErrorKind, + CtfeValidationMode, GlobalId, Immediate, InternError, InternKind, InterpCx, InterpErrorKind, InterpResult, MPlaceTy, MemoryKind, OpTy, RefTracking, ReturnContinuation, create_static_alloc, intern_const_alloc_recursive, interp_ok, throw_exhaust, }; @@ -98,20 +98,25 @@ fn eval_body_using_ecx<'tcx, R: InterpretationResult<'tcx>>( match intern_result { Ok(()) => {} - Err(InternResult::FoundDanglingPointer) => { + Err(InternError::DanglingPointer) => { throw_inval!(AlreadyReported(ReportedErrorInfo::non_const_eval_error( ecx.tcx .dcx() .emit_err(errors::DanglingPtrInFinal { span: ecx.tcx.span, kind: intern_kind }), ))); } - Err(InternResult::FoundBadMutablePointer) => { + Err(InternError::BadMutablePointer) => { throw_inval!(AlreadyReported(ReportedErrorInfo::non_const_eval_error( ecx.tcx .dcx() .emit_err(errors::MutablePtrInFinal { span: ecx.tcx.span, kind: intern_kind }), ))); } + Err(InternError::ConstAllocNotGlobal) => { + throw_inval!(AlreadyReported(ReportedErrorInfo::non_const_eval_error( + ecx.tcx.dcx().emit_err(errors::ConstHeapPtrInFinal { span: ecx.tcx.span }), + ))); + } } interp_ok(R::make_result(ret, ecx)) diff --git a/compiler/rustc_const_eval/src/interpret/intern.rs b/compiler/rustc_const_eval/src/interpret/intern.rs index b8fcdc9b7ef03..f25bb222bcfcc 100644 --- a/compiler/rustc_const_eval/src/interpret/intern.rs +++ b/compiler/rustc_const_eval/src/interpret/intern.rs @@ -26,12 +26,9 @@ use rustc_middle::ty::layout::TyAndLayout; use rustc_span::def_id::LocalDefId; use tracing::{instrument, trace}; -use super::{ - AllocId, Allocation, InterpCx, MPlaceTy, Machine, MemoryKind, PlaceTy, err_ub, interp_ok, -}; -use crate::const_eval; +use super::{AllocId, Allocation, InterpCx, MPlaceTy, Machine, MemoryKind, PlaceTy, interp_ok}; use crate::const_eval::DummyMachine; -use crate::errors::{ConstHeapPtrInFinal, NestedStaticInThreadLocal}; +use crate::{const_eval, errors}; pub trait CompileTimeMachine<'tcx, T> = Machine< 'tcx, @@ -63,7 +60,7 @@ pub enum DisallowInternReason { /// /// This prevents us from interning `const_allocate` pointers that have not been made /// global through `const_make_global`. -pub trait CanIntern { +pub trait CanIntern: Copy { fn disallows_intern(&self) -> Option; } @@ -96,24 +93,22 @@ fn intern_shallow<'tcx, T: CanIntern, M: CompileTimeMachine<'tcx, T>>( alloc_id: AllocId, mutability: Mutability, disambiguator: Option<&mut DisambiguatorState>, -) -> Result + 'tcx, ()> { +) -> Result + 'tcx, InternError> { trace!("intern_shallow {:?}", alloc_id); // remove allocation // FIXME(#120456) - is `swap_remove` correct? let Some((kind, mut alloc)) = ecx.memory.alloc_map.swap_remove(&alloc_id) else { - return Err(()); + return Err(InternError::DanglingPointer); }; match kind { MemoryKind::Machine(x) if let Some(reason) = x.disallows_intern() => match reason { - // Attempting to intern a `const_allocate`d pointer that was not made global via - // `const_make_global`. This is an error, but if we return `Err` now, things - // become inconsistent because we already removed the allocation from `alloc_map`. - // So instead we just emit an error and then continue interning as usual. - // We *could* do this check before removing the allocation from `alloc_map`, but then - // it would be much harder to ensure that we only error once for each allocation. DisallowInternReason::ConstHeap => { - ecx.tcx.dcx().emit_err(ConstHeapPtrInFinal { span: ecx.tcx.span }); + // Attempting to intern a `const_allocate`d pointer that was not made global via + // `const_make_global`. We want to error here, but we have to first put the + // allocation back into the `alloc_map` to keep things in a consistent state. + ecx.memory.alloc_map.insert(alloc_id, (kind, alloc)); + return Err(InternError::ConstAllocNotGlobal); } }, MemoryKind::Machine(_) | MemoryKind::Stack | MemoryKind::CallerLocation => {} @@ -170,7 +165,7 @@ fn intern_as_new_static<'tcx>( tcx.set_nested_alloc_id_static(alloc_id, feed.def_id()); if tcx.is_thread_local_static(static_id.into()) { - tcx.dcx().emit_err(NestedStaticInThreadLocal { span: tcx.def_span(static_id) }); + tcx.dcx().emit_err(errors::NestedStaticInThreadLocal { span: tcx.def_span(static_id) }); } // These do not inherit the codegen attrs of the parent static allocation, since @@ -196,9 +191,10 @@ pub enum InternKind { } #[derive(Debug)] -pub enum InternResult { - FoundBadMutablePointer, - FoundDanglingPointer, +pub enum InternError { + BadMutablePointer, + DanglingPointer, + ConstAllocNotGlobal, } /// Intern `ret` and everything it references. @@ -212,7 +208,7 @@ pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval ecx: &mut InterpCx<'tcx, M>, intern_kind: InternKind, ret: &MPlaceTy<'tcx>, -) -> Result<(), InternResult> { +) -> Result<(), InternError> { let mut disambiguator = DisambiguatorState::new(); // We are interning recursively, and for mutability we are distinguishing the "root" allocation @@ -269,6 +265,7 @@ pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval // We want to first report "dangling" and then "mutable", so we need to delay reporting these // errors. let mut result = Ok(()); + let mut found_bad_mutable_ptr = false; // Keep interning as long as there are things to intern. // We show errors if there are dangling pointers, or mutable pointers in immutable contexts @@ -323,18 +320,7 @@ pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval // when there is memory there that someone might expect to be mutable, but we make it immutable. let dangling = !is_already_global && !ecx.memory.alloc_map.contains_key(&alloc_id); if !dangling { - // Found a mutable pointer inside a const where inner allocations should be - // immutable. - if !ecx.tcx.sess.opts.unstable_opts.unleash_the_miri_inside_of_you { - span_bug!( - ecx.tcx.span, - "the static const safety checks accepted a mutable pointer they should not have accepted" - ); - } - // Prefer dangling pointer errors over mutable pointer errors - if result.is_ok() { - result = Err(InternResult::FoundBadMutablePointer); - } + found_bad_mutable_ptr = true; } } if ecx.tcx.try_get_global_alloc(alloc_id).is_some() { @@ -355,12 +341,25 @@ pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval just_interned.insert(alloc_id); match intern_shallow(ecx, alloc_id, inner_mutability, Some(&mut disambiguator)) { Ok(nested) => todo.extend(nested), - Err(()) => { - ecx.tcx.dcx().delayed_bug("found dangling pointer during const interning"); - result = Err(InternResult::FoundDanglingPointer); + Err(err) => { + ecx.tcx.dcx().delayed_bug("error during const interning"); + result = Err(err); } } } + if found_bad_mutable_ptr && result.is_ok() { + // We found a mutable pointer inside a const where inner allocations should be immutable, + // and there was no other error. This should usually never happen! However, this can happen + // in unleash-miri mode, so report it as a normal error then. + if ecx.tcx.sess.opts.unstable_opts.unleash_the_miri_inside_of_you { + result = Err(InternError::BadMutablePointer); + } else { + span_bug!( + ecx.tcx.span, + "the static const safety checks accepted a mutable pointer they should not have accepted" + ); + } + } result } @@ -375,10 +374,7 @@ pub fn intern_const_alloc_for_constprop<'tcx, T: CanIntern, M: CompileTimeMachin return interp_ok(()); } // Move allocation to `tcx`. - if let Some(_) = intern_shallow(ecx, alloc_id, Mutability::Not, None) - .map_err(|()| err_ub!(DeadLocal))? - .next() - { + if let Some(_) = intern_shallow(ecx, alloc_id, Mutability::Not, None).unwrap().next() { // We are not doing recursive interning, so we don't currently support provenance. // (If this assertion ever triggers, we should just implement a // proper recursive interning loop -- or just call `intern_const_alloc_recursive`. diff --git a/compiler/rustc_const_eval/src/interpret/mod.rs b/compiler/rustc_const_eval/src/interpret/mod.rs index 2fc372dd01978..2f365ec77b33e 100644 --- a/compiler/rustc_const_eval/src/interpret/mod.rs +++ b/compiler/rustc_const_eval/src/interpret/mod.rs @@ -26,7 +26,7 @@ pub use self::call::FnArg; pub use self::eval_context::{InterpCx, format_interp_error}; use self::eval_context::{from_known_layout, mir_assign_valid_types}; pub use self::intern::{ - HasStaticRootDefId, InternKind, InternResult, intern_const_alloc_for_constprop, + HasStaticRootDefId, InternError, InternKind, intern_const_alloc_for_constprop, intern_const_alloc_recursive, }; pub use self::machine::{AllocMap, Machine, MayLeak, ReturnAction, compile_time_machine}; diff --git a/compiler/rustc_const_eval/src/interpret/validity.rs b/compiler/rustc_const_eval/src/interpret/validity.rs index fc44490c96d37..62f591ceaa910 100644 --- a/compiler/rustc_const_eval/src/interpret/validity.rs +++ b/compiler/rustc_const_eval/src/interpret/validity.rs @@ -558,7 +558,15 @@ impl<'rt, 'tcx, M: Machine<'tcx>> ValidityVisitor<'rt, 'tcx, M> { { // Everything should be already interned. let Some(global_alloc) = self.ecx.tcx.try_get_global_alloc(alloc_id) else { - assert!(self.ecx.memory.alloc_map.get(alloc_id).is_none()); + if self.ecx.memory.alloc_map.contains_key(&alloc_id) { + // This can happen when interning didn't complete due to, e.g. + // missing `make_global`. This must mean other errors are already + // being reported. + self.ecx.tcx.dcx().delayed_bug( + "interning did not complete, there should be an error", + ); + return interp_ok(()); + } // We can't have *any* references to non-existing allocations in const-eval // as the rest of rustc isn't happy with them... so we throw an error, even // though for zero-sized references this isn't really UB. diff --git a/tests/crashes/const_mut_ref_check_bypass.rs b/tests/crashes/const_mut_ref_check_bypass.rs deleted file mode 100644 index 6234536c72beb..0000000000000 --- a/tests/crashes/const_mut_ref_check_bypass.rs +++ /dev/null @@ -1,11 +0,0 @@ -// Version of `tests/ui/consts/const-eval/heap/alloc_intrinsic_untyped.rs` without the flag that -// suppresses the ICE. -//@ known-bug: #129233 -#![feature(core_intrinsics)] -#![feature(const_heap)] -#![feature(const_mut_refs)] -use std::intrinsics; - -const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; - -fn main() {} diff --git a/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.rs b/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.rs index 201fa71502298..e44a3f7a23c2c 100644 --- a/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.rs +++ b/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.rs @@ -1,12 +1,11 @@ -// We unleash Miri here since this test demonstrates code that bypasses the checks against interning -// mutable pointers, which currently ICEs. Unleashing Miri silences the ICE. -//@ compile-flags: -Zunleash-the-miri-inside-of-you +// Ensure that we reject interning `const_allocate`d allocations in the final value of constants +// if they have not been made global through `const_make_global`. This covers the case where the +// pointer is even still mutable, which used to ICE. #![feature(core_intrinsics)] #![feature(const_heap)] use std::intrinsics; const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; -//~^ error: mutable pointer in final value of constant -//~| error: encountered `const_allocate` pointer in final value that was not made global +//~^ error: encountered `const_allocate` pointer in final value that was not made global fn main() {} diff --git a/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.stderr b/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.stderr index eae79d24797a9..2445ce633d6ff 100644 --- a/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.stderr +++ b/tests/ui/consts/const-eval/heap/ptr_not_made_global_mut.stderr @@ -6,11 +6,5 @@ LL | const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 | = note: use `const_make_global` to make allocated pointers immutable before returning -error: encountered mutable pointer in final value of constant - --> $DIR/ptr_not_made_global_mut.rs:8:1 - | -LL | const BAR: *mut i32 = unsafe { intrinsics::const_allocate(4, 4) as *mut i32 }; - | ^^^^^^^^^^^^^^^^^^^ - -error: aborting due to 2 previous errors +error: aborting due to 1 previous error From 0bf0860a0ef285fe3e4eb3b176006c14d8ca9d8d Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Wed, 16 Jul 2025 15:19:17 +0200 Subject: [PATCH 5/5] simplfy memory kind handling during interning --- .../src/const_eval/dummy_machine.rs | 1 - .../src/const_eval/machine.rs | 2 - .../rustc_const_eval/src/interpret/intern.rs | 49 ++++--------------- .../rustc_const_eval/src/interpret/machine.rs | 1 + 4 files changed, 11 insertions(+), 42 deletions(-) diff --git a/compiler/rustc_const_eval/src/const_eval/dummy_machine.rs b/compiler/rustc_const_eval/src/const_eval/dummy_machine.rs index b6e2682af367b..438aed41b8be3 100644 --- a/compiler/rustc_const_eval/src/const_eval/dummy_machine.rs +++ b/compiler/rustc_const_eval/src/const_eval/dummy_machine.rs @@ -49,7 +49,6 @@ impl HasStaticRootDefId for DummyMachine { impl<'tcx> interpret::Machine<'tcx> for DummyMachine { interpret::compile_time_machine!(<'tcx>); - type MemoryKind = !; const PANIC_ON_ALLOC_FAIL: bool = true; // We want to just eval random consts in the program, so `eval_mir_const` can fail. diff --git a/compiler/rustc_const_eval/src/const_eval/machine.rs b/compiler/rustc_const_eval/src/const_eval/machine.rs index 0a6bdef2225ed..70ad57b2b11b7 100644 --- a/compiler/rustc_const_eval/src/const_eval/machine.rs +++ b/compiler/rustc_const_eval/src/const_eval/machine.rs @@ -320,8 +320,6 @@ impl<'tcx> CompileTimeMachine<'tcx> { impl<'tcx> interpret::Machine<'tcx> for CompileTimeMachine<'tcx> { compile_time_machine!(<'tcx>); - type MemoryKind = MemoryKind; - const PANIC_ON_ALLOC_FAIL: bool = false; // will be raised as a proper error #[inline(always)] diff --git a/compiler/rustc_const_eval/src/interpret/intern.rs b/compiler/rustc_const_eval/src/interpret/intern.rs index f25bb222bcfcc..bb59b9f54186c 100644 --- a/compiler/rustc_const_eval/src/interpret/intern.rs +++ b/compiler/rustc_const_eval/src/interpret/intern.rs @@ -30,14 +30,14 @@ use super::{AllocId, Allocation, InterpCx, MPlaceTy, Machine, MemoryKind, PlaceT use crate::const_eval::DummyMachine; use crate::{const_eval, errors}; -pub trait CompileTimeMachine<'tcx, T> = Machine< +pub trait CompileTimeMachine<'tcx> = Machine< 'tcx, - MemoryKind = T, + MemoryKind = const_eval::MemoryKind, Provenance = CtfeProvenance, ExtraFnVal = !, FrameExtra = (), AllocExtra = (), - MemoryMap = FxIndexMap, Allocation)>, + MemoryMap = FxIndexMap, Allocation)>, > + HasStaticRootDefId; pub trait HasStaticRootDefId { @@ -52,35 +52,6 @@ impl HasStaticRootDefId for const_eval::CompileTimeMachine<'_> { } } -pub enum DisallowInternReason { - ConstHeap, -} - -/// A trait for controlling whether memory allocated in the interpreter can be interned. -/// -/// This prevents us from interning `const_allocate` pointers that have not been made -/// global through `const_make_global`. -pub trait CanIntern: Copy { - fn disallows_intern(&self) -> Option; -} - -impl CanIntern for const_eval::MemoryKind { - fn disallows_intern(&self) -> Option { - match self { - const_eval::MemoryKind::Heap { was_made_global: false } => { - Some(DisallowInternReason::ConstHeap) - } - const_eval::MemoryKind::Heap { was_made_global: true } => None, - } - } -} - -impl CanIntern for ! { - fn disallows_intern(&self) -> Option { - *self - } -} - /// Intern an allocation. Returns `Err` if the allocation does not exist in the local memory. /// /// `mutability` can be used to force immutable interning: if it is `Mutability::Not`, the @@ -88,7 +59,7 @@ impl CanIntern for ! { /// already mutable (as a sanity check). /// /// Returns an iterator over all relocations referred to by this allocation. -fn intern_shallow<'tcx, T: CanIntern, M: CompileTimeMachine<'tcx, T>>( +fn intern_shallow<'tcx, M: CompileTimeMachine<'tcx>>( ecx: &mut InterpCx<'tcx, M>, alloc_id: AllocId, mutability: Mutability, @@ -102,16 +73,16 @@ fn intern_shallow<'tcx, T: CanIntern, M: CompileTimeMachine<'tcx, T>>( }; match kind { - MemoryKind::Machine(x) if let Some(reason) = x.disallows_intern() => match reason { - DisallowInternReason::ConstHeap => { + MemoryKind::Machine(const_eval::MemoryKind::Heap { was_made_global }) => { + if !was_made_global { // Attempting to intern a `const_allocate`d pointer that was not made global via // `const_make_global`. We want to error here, but we have to first put the // allocation back into the `alloc_map` to keep things in a consistent state. ecx.memory.alloc_map.insert(alloc_id, (kind, alloc)); return Err(InternError::ConstAllocNotGlobal); } - }, - MemoryKind::Machine(_) | MemoryKind::Stack | MemoryKind::CallerLocation => {} + } + MemoryKind::Stack | MemoryKind::CallerLocation => {} } // Set allocation mutability as appropriate. This is used by LLVM to put things into @@ -204,7 +175,7 @@ pub enum InternError { /// /// For `InternKind::Static` the root allocation will not be interned, but must be handled by the caller. #[instrument(level = "debug", skip(ecx))] -pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval::MemoryKind>>( +pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx>>( ecx: &mut InterpCx<'tcx, M>, intern_kind: InternKind, ret: &MPlaceTy<'tcx>, @@ -365,7 +336,7 @@ pub fn intern_const_alloc_recursive<'tcx, M: CompileTimeMachine<'tcx, const_eval /// Intern `ret`. This function assumes that `ret` references no other allocation. #[instrument(level = "debug", skip(ecx))] -pub fn intern_const_alloc_for_constprop<'tcx, T: CanIntern, M: CompileTimeMachine<'tcx, T>>( +pub fn intern_const_alloc_for_constprop<'tcx, M: CompileTimeMachine<'tcx>>( ecx: &mut InterpCx<'tcx, M>, alloc_id: AllocId, ) -> InterpResult<'tcx, ()> { diff --git a/compiler/rustc_const_eval/src/interpret/machine.rs b/compiler/rustc_const_eval/src/interpret/machine.rs index d150ed69250e5..e981f3973ae63 100644 --- a/compiler/rustc_const_eval/src/interpret/machine.rs +++ b/compiler/rustc_const_eval/src/interpret/machine.rs @@ -649,6 +649,7 @@ pub macro compile_time_machine(<$tcx: lifetime>) { type ExtraFnVal = !; + type MemoryKind = $crate::const_eval::MemoryKind; type MemoryMap = rustc_data_structures::fx::FxIndexMap, Allocation)>; const GLOBAL_KIND: Option = None; // no copying of globals from `tcx` to machine memory