Commit Graph

1992 Commits

Author SHA1 Message Date
bors
e9c965df7b Auto merge of #128812 - nnethercote:shrink-TyKind-FnPtr, r=compiler-errors
Shrink `TyKind::FnPtr`.

By splitting the `FnSig` within `TyKind::FnPtr` into `FnSigTys` and `FnHeader`, which can be packed more efficiently. This reduces the size of the hot `TyKind` type from 32 bytes to 24 bytes on 64-bit platforms. This reduces peak memory usage by a few percent on some benchmarks. It also reduces cache misses and page faults similarly, though this doesn't translate to clear cycles or wall-time improvements on CI.

r? `@compiler-errors`
2024-08-14 00:56:53 +00:00
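A minimal sketch of the packing idea described above (toy types, not the real rustc definitions): an enum variant holding one opaque struct cannot have the tag packed into that struct's padding, but splitting the payload into a pointer plus a small header lets the layout algorithm place the header next to the tag.

```rust
use std::mem::size_of;

// Toy stand-in for the old shape: one struct holding everything.
struct SigBefore {
    tys: *const u8, // stand-in for the interned type list
    c_variadic: u8,
    safety: u8,
    abi: u8,
}

enum KindBefore {
    FnPtr(SigBefore),
    Int(u32),
}

// Toy stand-in for the new shape: type list and small header split apart.
struct Header {
    c_variadic: u8,
    safety: u8,
    abi: u8,
}

enum KindAfter {
    FnPtr(*const u8, Header),
    Int(u32),
}

fn main() {
    // On a typical 64-bit target this prints 24 and 16: the split lets the
    // enum place the 3-byte header in the padding next to the tag byte,
    // mirroring the 32 -> 24 byte shrink of the real `TyKind`.
    println!("before: {}", size_of::<KindBefore>());
    println!("after:  {}", size_of::<KindAfter>());
}
```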
bors
591ecb88df Auto merge of #128742 - RalfJung:miri-vtable-uniqueness, r=saethlin
miri: make vtable addresses not globally unique

Miri currently gives vtables a unique global address. That doesn't actually match reality, though. So this PR enables Miri to generate different addresses for the same type-trait pair.

To avoid generating an unbounded number of `AllocId`s (and consuming unbounded amounts of memory), we use the "salt" technique that we already use for giving constants non-unique addresses: the cache is keyed on a "salt" value on top of the actually relevant key, and Miri picks a random salt (currently in the range `0..16`) each time it needs to choose an `AllocId` for one of these globals -- that means we'll get up to 16 different addresses for each vtable. The salt scheme is integrated into the global allocation deduplication logic in `tcx`, and also used for functions and string literals. (So this also fixes the problem that casting the same function to a fn ptr over and over will consume unbounded memory.)

r? `@saethlin`
Fixes https://github.com/rust-lang/miri/issues/3737
2024-08-13 04:32:34 +00:00
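A minimal sketch of the salting scheme described above (toy types and a toy RNG, not Miri's actual code): the dedup cache is keyed on `(key, salt)` and each lookup draws a random salt from a small range, so each key maps to at most 16 distinct IDs rather than one globally unique ID or unboundedly many.

```rust
use std::collections::HashMap;

const SALT_RANGE: u64 = 16; // matches the `0..16` range described above

struct Interner {
    next_id: u64,
    // (vtable key, salt) -> AllocId; bounded 16-way fan-out per key.
    cache: HashMap<(String, u64), u64>,
}

impl Interner {
    fn alloc_id_for(&mut self, key: &str, salt_state: &mut u64) -> u64 {
        // Toy "RNG": an LCG step standing in for a real random salt.
        *salt_state = salt_state.wrapping_mul(6364136223846793005).wrapping_add(1);
        let salt = *salt_state % SALT_RANGE;
        let next_id = &mut self.next_id;
        *self.cache.entry((key.to_string(), salt)).or_insert_with(|| {
            let id = *next_id;
            *next_id += 1;
            id
        })
    }
}

fn main() {
    let mut interner = Interner { next_id: 0, cache: HashMap::new() };
    let mut seed = 42;
    // Repeated lookups for the same vtable yield at most SALT_RANGE ids.
    let ids: Vec<u64> = (0..100)
        .map(|_| interner.alloc_id_for("vtable(Vec<u8>, dyn Debug)", &mut seed))
        .collect();
    assert!(ids.iter().collect::<std::collections::HashSet<_>>().len() <= 16);
}
```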
Matthias Krüger
4c49418472
Rollup merge of #128712 - compiler-errors:normalize-borrowck, r=lcnr
Normalize struct tail properly for `dyn` ptr-to-ptr casting in new solver

Realized that the new solver didn't handle ptr-to-ptr casting correctly.

r? lcnr

Built on #128694
2024-08-12 23:10:50 +02:00
Guillaume Gomez
7c6dca9050
Rollup merge of #128978 - compiler-errors:assert-matches, r=jieyouxu
Use `assert_matches` around the compiler more

It's a useful assertion, especially since it actually prints out the LHS.
2024-08-12 17:09:19 +02:00
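The assertion in question, as a standalone sketch (`assert_matches` is a nightly-only feature of the standard library):

```rust
#![feature(assert_matches)]
use std::assert_matches::assert_matches;

fn main() {
    let res: Result<u32, &str> = Ok(3);
    // Unlike `assert!(matches!(res, ...))`, a failure here prints the actual
    // left-hand value, e.g. `left: Ok(3)`, alongside the expected pattern.
    assert_matches!(res, Ok(n) if n > 0);
}
```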
Michael Goulet
f15997ffec Remove struct_tail_no_normalization 2024-08-11 19:40:03 -04:00
Michael Goulet
b5d2079fb9 Rename normalization functions to raw 2024-08-11 19:40:03 -04:00
Michael Goulet
c361c924a0 Use assert_matches around the compiler 2024-08-11 12:25:39 -04:00
Pavel Grigorenko
a11922d568 rustc_const_eval: make LazyLock suggestion translatable 2024-08-10 14:32:55 +03:00
Pavel Grigorenko
3a18c6b55f rustc_const_eval: make message about "const stable" translatable 2024-08-10 14:32:55 +03:00
Pavel Grigorenko
43f3a218ea rustc_const_eval: remove redundant #[allow(rustc::untranslatable_diagnostic)] 2024-08-10 14:32:55 +03:00
Ralf Jung
9a233bb9dd interpret: make identity upcasts a NOP again to avoid them generating a new random vtable 2024-08-09 18:48:45 +02:00
Nicholas Nethercote
c4717cc9d1 Shrink TyKind::FnPtr.
By splitting the `FnSig` within `TyKind::FnPtr` into `FnSigTys` and
`FnHeader`, which can be packed more efficiently. This reduces the size
of the hot `TyKind` type from 32 bytes to 24 bytes on 64-bit platforms.
This reduces peak memory usage by a few percent on some benchmarks. It
also reduces cache misses and page faults similarly, though this doesn't
translate to clear cycles or wall-time improvements on CI.
2024-08-09 14:33:25 +10:00
Michael Goulet
b916431976 Rename struct_tail_erasing_lifetimes to struct_tail_for_codegen 2024-08-08 12:15:16 -04:00
Michael Goulet
f81549c9ca Normalize struct tail properly in disalignment check 2024-08-08 11:58:11 -04:00
Caleb Zulawski
8818c95528 Disallow enabling features without their implied features 2024-08-07 00:45:00 -04:00
Caleb Zulawski
83276f5680 Hide implicit target features from diagnostics when possible 2024-08-07 00:43:52 -04:00
bors
6696447f78 Auto merge of #128761 - matthiaskrgr:rollup-5p1mlqq, r=matthiaskrgr
Rollup of 9 pull requests

Successful merges:

 - #124944 (On trait bound mismatch, detect multiple crate versions in dep tree)
 - #125048 (PinCoerceUnsized trait into core)
 - #128406 (implement BufReader::peek)
 - #128539 (Forbid unused unsafe in vxworks-specific std modules)
 - #128687 (interpret: refactor function call handling to be better-abstracted)
 - #128692 (Add a triagebot mention for `library/Cargo.lock`)
 - #128710 (Don't ICE when getting an input file name's stem fails)
 - #128718 (Consider `cfg_attr` checked by `CheckAttrVisitor`)
 - #128751 (std::thread: set_name implementation proposal for vxWorks.)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-08-07 00:46:06 +00:00
Matthias Krüger
8912318a4c
Rollup merge of #128720 - y21:issue119620, r=compiler-errors
Pass the right `ParamEnv` to `might_permit_raw_init_strict`

Fixes #119620

`might_permit_raw_init_strict` currently passes an empty `ParamEnv` to the `InterpCx`, instead of the actual `ParamEnv` that was passed to `check_validity_requirement` at the call site.

This leads to ICEs such as the one in the linked issue: for `UnsafeCell<*mut T>` we initially get the layout with the right `ParamEnv` (which succeeds because it can prove that `T: Sized` and therefore `UnsafeCell<*mut T>` has a known layout), but then do the rest with an empty `ParamEnv` in which `T: Sized` is not known to hold, so getting the layout for `*mut T` later fails.

This runs into an assertion in other layout code where it's making the (valid) assumption that, when we already have a layout for a struct (`UnsafeCell<*mut T>`), getting the layout of one of its fields (`*mut T`) should also succeed, which wasn't the case here due to using the wrong `ParamEnv`.

So, this PR changes it to use the same `ParamEnv` throughout.
2024-08-06 20:23:41 +02:00
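A toy model of the bug shape (no real rustc types): the inner check must thread through the environment under which the caller already proved its facts, instead of rebuilding an empty one.

```rust
// Facts proven in some environment; "T: Sized" in the real issue.
#[derive(Clone, Default)]
struct Env {
    proven: Vec<&'static str>,
}

fn layout_of(ty: &'static str, needs: &'static str, env: &Env) -> Result<(), String> {
    if env.proven.contains(&needs) {
        Ok(())
    } else {
        Err(format!("cannot compute layout of {ty}: {needs} not known to hold"))
    }
}

fn check_validity(env: &Env) -> Result<(), String> {
    // Buggy version: `layout_of("*mut T", "T: Sized", &Env::default())`
    // drops the caller's facts and fails. Fixed: reuse `env`.
    layout_of("*mut T", "T: Sized", env)
}

fn main() {
    let env = Env { proven: vec!["T: Sized"] };
    assert!(check_validity(&env).is_ok());
}
```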
Ralf Jung
5cab8ae4a4 miri: make vtable addresses not globally unique 2024-08-06 19:09:31 +02:00
Ralf Jung
1c2705c622 various cleanups based on review 2024-08-06 13:49:26 +02:00
Ralf Jung
5783e73f46 make some Frame fields more private 2024-08-06 11:08:14 +02:00
Ralf Jung
522af10ccc interpret: refactor function call handling to be better-abstracted 2024-08-06 11:08:12 +02:00
y21
fdf3b31165 pass the right ParamEnv to might_permit_raw_init_strict 2024-08-06 01:53:50 +02:00
Ralf Jung
46896d6f66 interpret: move nullary-op evaluation into operator.rs 2024-08-05 22:42:34 +02:00
Ralf Jung
21c02517c3 Miri: add a flag to do recursive validity checking 2024-08-03 10:33:58 +02:00
Matthias Krüger
66d243f61b
Rollup merge of #128494 - RalfJung:mir-lazy-lists, r=compiler-errors
MIR required_consts, mentioned_items: ensure we do not forget to fill these lists

Bodies initially get created with empty required_consts and mentioned_items, but at some point those should be filled. Make sure we notice when that is forgotten.
2024-08-02 06:43:44 +02:00
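A sketch of the "notice when filling is forgotten" pattern (toy types, not the real MIR data structures): represent "not yet filled" explicitly, so an access before filling panics instead of silently reading an empty list.

```rust
// None = "list not computed yet"; Some(vec![]) = "computed, and empty".
struct Body {
    required_consts: Option<Vec<u32>>,
}

impl Body {
    fn new() -> Self {
        Body { required_consts: None }
    }

    fn fill_required_consts(&mut self, consts: Vec<u32>) {
        assert!(self.required_consts.is_none(), "required_consts filled twice");
        self.required_consts = Some(consts);
    }

    fn required_consts(&self) -> &[u32] {
        self.required_consts
            .as_deref()
            .expect("required_consts used before being filled")
    }
}

fn main() {
    let mut body = Body::new();
    body.fill_required_consts(vec![]);
    assert!(body.required_consts().is_empty());
}
```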
Matthias Krüger
67fcb58347
Rollup merge of #128453 - RalfJung:raw_eq, r=saethlin
raw_eq: using it on bytes with provenance is not UB (outside const-eval)

The current behavior of raw_eq violates provenance monotonicity. See https://github.com/rust-lang/rust/pull/124921 for an explanation of provenance monotonicity. It is violated in raw_eq because comparing bytes without provenance is well-defined, but adding provenance makes the operation UB.

So remove the no-provenance requirement from raw_eq. However, the requirement stays in place for compile-time invocations of raw_eq, which indeed cannot deal with provenance.

Cc `@rust-lang/opsem`
2024-08-02 06:43:43 +02:00
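What the relaxation permits, as user-facing code (a sketch using the nightly-only `core_intrinsics` feature; not part of the PR itself): comparing bytes that happen to carry provenance, here the bytes of two pointers, is now defined at runtime, while const-eval still rejects it.

```rust
#![feature(core_intrinsics)]
use std::intrinsics::raw_eq;

fn main() {
    let x = 1u32;
    let a: *const u32 = &x;
    let b: *const u32 = &x;
    // The bytes of `a` and `b` carry provenance. After this change, a
    // runtime raw_eq over them is not UB; in const-eval it is still an error.
    let eq = unsafe { raw_eq(&a, &b) };
    assert!(eq); // same address, so the pointers are bytewise equal
}
```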
Ralf Jung
6d312d7bd1 MIR required_consts, mentioned_items: ensure we do not forget to fill these lists 2024-08-01 15:49:25 +02:00
Ralf Jung
db1652e07b fix the way we detect overflow for inbounds arithmetic (and tweak the error message) 2024-08-01 14:38:58 +02:00
Ralf Jung
5d5c97aad7 interpret: simplify pointer arithmetic logic 2024-08-01 14:25:19 +02:00
Ralf Jung
de78cb56b2 on a signed deref check, mention the right pointer in the error 2024-08-01 14:25:19 +02:00
Ralf Jung
f97aba2271 raw_eq: using it on bytes with provenance is not UB (outside const-eval) 2024-07-31 20:26:20 +02:00
bors
f8060d282d Auto merge of #128083 - Mark-Simulacrum:bump-bootstrap, r=albertlarsan68
Bump bootstrap compiler to new beta

https://forge.rust-lang.org/release/process.html#master-bootstrap-update-t-2-day-tuesday
2024-07-30 17:49:08 +00:00
Matthias Krüger
eb8114bad7
Rollup merge of #128277 - RalfJung:offset_from_wildcard, r=oli-obk
miri: fix offset_from behavior on wildcard pointers

offset_from wouldn't behave correctly when the "end" pointer was a wildcard pointer (the result of an int2ptr cast) just at the end of the allocation. Fix that by expressing the "same allocation" check in terms of two `check_ptr_access_signed` calls instead of something specific to offset_from, which is both more canonical and works better with wildcard pointers.

The second commit just improves diagnostics: I wanted the "pointer is dangling (has no provenance)" message to say how many bytes of memory it expected to see (since if it were 0 bytes, this would actually be legal, so it's good to tell the user that it's not 0 bytes). And then I was annoyed that the error looks so different depending on whether you deref a dangling pointer or an out-of-bounds one, so I made them more similar.

Fixes https://github.com/rust-lang/miri/issues/3767
2024-07-29 11:42:34 +02:00
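The affected shape, sketched as ordinary user code (a hypothetical example; under Miri the int2ptr cast yields a wildcard-provenance pointer): the "end" pointer sits exactly one past the end of the allocation.

```rust
fn main() {
    let arr = [0u8; 4];
    let begin = arr.as_ptr();
    // Round-trip through an integer: `end` has wildcard provenance and its
    // address is exactly one past the end of `arr`.
    let end = (begin as usize + 4) as *const u8;
    // With the fix, Miri accepts this and yields 4, just as it would for a
    // same-provenance `end` pointer.
    let len = unsafe { end.offset_from(begin) };
    assert_eq!(len, 4);
}
```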
Nicholas Nethercote
84ac80f192 Reformat use declarations.
The previous commit updated `rustfmt.toml` appropriately. This commit is
the outcome of running `x fmt --all` with the new formatting options.
2024-07-29 08:26:52 +10:00
Mark Rousskov
5eca36d27a step cfg(bootstrap) 2024-07-28 14:46:29 -04:00
Ralf Jung
f8ebe8d783 improve dangling/oob errors and make them more uniform 2024-07-27 21:12:54 +02:00
Ralf Jung
5b38b149dc miri: fix offset_from behavior on wildcard pointers 2024-07-27 17:18:35 +02:00
Matthias Krüger
ab2dd3aeb9
Rollup merge of #127950 - nnethercote:rustfmt-skip-on-use-decls, r=cuviper
Use `#[rustfmt::skip]` on some `use` groups to prevent reordering.

`use` declarations will be reformatted in #125443. Very rarely, there is a desire to force a group of `use` declarations together in a way that auto-formatting will break up. E.g. when you want a single comment to apply to a group. #126776 dealt with all of these in the codebase, ensuring that no comments intended for multiple `use` declarations would end up in the wrong place. But some people were unhappy with it.

This commit uses `#[rustfmt::skip]` to create these custom `use` groups in an idiomatic way for a few of the cases changed in #126776. This works because rustfmt treats any `use` item annotated with `#[rustfmt::skip]` as a barrier and won't reorder other `use` items around it.

r? `@cuviper`
2024-07-26 00:57:21 +02:00
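The idiom in question, sketched on ordinary imports: annotating one `use` item pins the group, so a comment meant for several items cannot drift away when surrounding imports are reordered.

```rust
// Keep this group together: both imports back the same lookup table.
#[rustfmt::skip]
use std::collections::HashMap;
use std::collections::HashSet;

fn main() {
    let _table: HashMap<String, u32> = HashMap::new();
    let _seen: HashSet<String> = HashSet::new();
}
```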
Oli Scherer
acba6449f8 Do not try to reveal hidden types when trying to prove Freeze in the defining scope 2024-07-24 16:00:48 +00:00
Michael Goulet
ce8a625092 Move all error reporting into rustc_trait_selection 2024-07-21 22:34:35 -04:00
Matthias Krüger
9f8c618a90
Rollup merge of #127856 - RalfJung:interpret-cast-sanity, r=oli-obk
interpret: add sanity check in dyn upcast to double-check what codegen does

For dyn receiver calls, we already have two codepaths: look up the function to call by indexing into the vtable, or alternatively resolve the DefId given the dynamic type of the receiver. With debug assertions enabled, the interpreter does both and compares the results. (Without debug assertions we always use the vtable as it is simpler.)

This PR does the same for dyn trait upcasts. However, for casts, *not* using the vtable is the easier option, so now the vtable path is the debug-assertion-only path. In particular, there are cases where the vtable does not contain a pointer for upcasts but instead reuses the old pointer: when the supertrait vtable is a prefix of the larger vtable. We don't want to expose this optimization, and we want to detect UB if people do a transmute that assumes it, so we cannot in general use the vtable indexing path.

r? ``@oli-obk``
2024-07-19 17:06:50 +02:00
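The operation being double-checked, as plain user code (a sketch; on the 2024-era nightlies this log covers it required the `trait_upcasting` feature, which has since been stabilized):

```rust
trait Super {
    fn id(&self) -> u32;
}
trait Sub: Super {}

struct S;
impl Super for S {
    fn id(&self) -> u32 {
        7
    }
}
impl Sub for S {}

fn main() {
    let sub: &dyn Sub = &S;
    // The dyn-to-dyn supertrait upcast: the interpreter can resolve it by
    // indexing the vtable or from the dynamic type of `S`; with debug
    // assertions it now does both and compares the results.
    let sup: &dyn Super = sub;
    assert_eq!(sup.id(), 7);
}
```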
Nicholas Nethercote
c5dadd0408 Use #[rustfmt::skip] on some use groups to prevent reordering.
`use` declarations will be reformatted in #125443. Very rarely, there is
a desire to force a group of `use` declarations together in a way that
auto-formatting will break up. E.g. when you want a single comment to
apply to a group. #126776 dealt with all of these in the codebase,
ensuring that no comments intended for multiple `use` declarations would
end up in the wrong place. But some people were unhappy with it.

This commit uses `#[rustfmt::skip]` to create these custom `use` groups
in an idiomatic way for a few of the cases changed in #126776. This
works because rustfmt treats any `use` item annotated with
`#[rustfmt::skip]` as a barrier and won't reorder other `use` items
around it.
2024-07-19 13:26:48 +10:00
Ralf Jung
fa74a9e6aa valtree construction: keep track of which type was valtree-incompatible 2024-07-18 11:58:16 +02:00
Ralf Jung
a7b80819e9 interpret: add sanity check in dyn upcast to double-check what codegen does 2024-07-18 11:41:10 +02:00
Trevor Gross
606d8cf9e8
Rollup merge of #126776 - nnethercote:rustfmt-use-pre-cleanups-2, r=cuviper
Clean up more comments near use declarations

#125443 will reformat all use declarations in the repository. There are a few edge cases involving comments on use declarations that require care. This PR fixes them up so #125443 can go ahead with a simple `x fmt --all`. A follow-up to #126717.

r? ``@cuviper``
2024-07-16 20:10:10 -05:00
Nicholas Nethercote
75b6ec9800 Avoid comments that describe multiple use items.
There are some comments describing multiple subsequent `use` items. When
the big `use` reformatting happens some of these `use` items will be
reordered, possibly moving them away from the comment. With this
additional level of formatting it's not really feasible to have comments
of this type. This commit removes them in various ways:

- merging separate `use` items when appropriate;

- inserting blank lines between the comment and the first `use` item;

- outright deletion (for comments that are relatively low-value);

- adding a separate "top-level" comment.

We also entirely skip formatting for four library files that contain
nothing but `pub use` re-exports, where reordering would be painful.
2024-07-17 08:02:46 +10:00
bors
5c84886056 Auto merge of #127638 - adwinwhite:cache_string, r=oli-obk
Add cache for `allocate_str`

Best-effort cache for string allocation in const eval.

Fixes [rust-lang/miri#3470](https://github.com/rust-lang/miri/issues/3470).
2024-07-16 02:41:07 +00:00
Matthias Krüger
78529d9841
Rollup merge of #124921 - RalfJung:offset-from-same-addr, r=oli-obk
offset_from: always allow pointers to point to the same address

This PR implements the last remaining part of the t-opsem consensus in https://github.com/rust-lang/unsafe-code-guidelines/issues/472: always permits offset_from when both pointers have the same address, no matter how they are computed. This is required to achieve *provenance monotonicity*.

Tracking issue: https://github.com/rust-lang/rust/issues/117945

### What is provenance monotonicity and why does it matter?

Provenance monotonicity is the property that adding arbitrary provenance to any no-provenance pointer must never make the program UB. More specifically, in the program state, data in memory is stored as a sequence of [abstract bytes](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#abstract-byte), where each byte can optionally carry provenance. When a pointer is stored in memory, all of the bytes it is stored in carry that provenance. Provenance monotonicity means: if we take some byte that does not have provenance, and give it some arbitrary provenance, then that cannot change program behavior or introduce UB into a UB-free program.

We care about provenance monotonicity because we want to allow the optimizer to remove provenance-stripping operations. Removing a provenance-stripping operation effectively means the program after the optimization has provenance where the program before the optimization did not -- since the provenance removal does not happen in the optimized program. IOW, the compiler transformation added provenance to previously provenance-free bytes. This is exactly what provenance monotonicity lets us do.

We care about removing provenance-stripping operations because `*ptr = *ptr` is, in general, (likely) a provenance-stripping operation. Specifically, consider `ptr: *mut usize` (or any integer type), and imagine the data at `*ptr` is actually a pointer (i.e., we are type-punning between pointers and integers). Then `*ptr` on the right-hand side evaluates to the data in memory *without* any provenance (because [integers do not have provenance](https://rust-lang.github.io/rfcs/3559-rust-has-provenance.html#integers-do-not-have-provenance)). Storing that back to `*ptr` means that the abstract bytes `ptr` points to are the same as before, except their provenance is now gone. This makes `*ptr = *ptr` a provenance-stripping operation. (Here we assume `*ptr` is fully initialized. If it is not initialized, evaluating `*ptr` to a value is UB, so removing `*ptr = *ptr` is trivially correct.)

### What does `offset_from` have to do with provenance monotonicity?

With `ptr = without_provenance(N)`, `ptr.offset_from(ptr)` is always well-defined and returns 0. By provenance monotonicity, I can now add provenance to the two arguments of `offset_from` and it must still be well-defined. Crucially, I can add *different* provenance to the two arguments, and it must still be well-defined. In other words, this must always be allowed: `ptr1.with_addr(N).offset_from(ptr2.with_addr(N))` (and it returns 0). But the current spec for `offset_from` says that the two pointers must either both be derived from an integer or both be derived from the same allocation, which is not in general true for arbitrary `ptr1`, `ptr2`.

To obtain provenance monotonicity, this PR hence changes the spec for offset_from to say that if both pointers have the same address, the function is always well-defined.

### What further consequences does this have?

It means the compiler can no longer transform `end2 = begin.offset(end.offset_from(begin))` into `end2 = end`. However, it can still be transformed into `end2 = begin.with_addr(end.addr())`, which later parts of the backend (when provenance has been erased) can trivially turn into `end2 = end`.

The only alternative I am aware of is a fundamentally different handling of zero-sized accesses, where a "no provenance" pointer is not allowed to do zero-sized accesses and instead we have a special provenance that indicates "may be used for zero-sized accesses (and nothing else)". `offset` and `offset_from` would then always be UB on a "no provenance" pointer, and permit zero-sized offsets on a "zero-sized provenance" pointer. This achieves provenance monotonicity. That is, however, a breaking change as it contradicts what we landed in https://github.com/rust-lang/rust/pull/117329. It's also a whole bunch of extra UB, which doesn't seem worth it just to achieve that transformation.

### What about the backend?

LLVM currently doesn't have an intrinsic for pointer difference, so we anyway cast to integer and subtract there. That's never UB so it is compatible with any relaxation we may want to apply.

If LLVM gets a `ptrsub` in the future, then plausibly it will be consistent with `ptradd` and [consider two equal pointers to be inbounds](https://github.com/rust-lang/rust/pull/124921#issuecomment-2205795829).
2024-07-15 21:11:47 +02:00
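The newly-permitted case as user code (a sketch using the strict-provenance APIs `addr`/`with_addr`, which were still unstable at the time of this PR): two pointers with different provenance but equal addresses.

```rust
fn main() {
    let a = 5u8;
    let b = 7u8;
    let p1: *const u8 = &a;
    let p2: *const u8 = &b;
    // Same address as p1, but carrying the provenance of b's allocation.
    let p2_at_p1 = p2.with_addr(p1.addr());
    // Previously UB (pointers into different allocations); under the new
    // spec, equal addresses make this well-defined, and it returns 0.
    let d = unsafe { p1.offset_from(p2_at_p1) };
    assert_eq!(d, 0);
}
```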
Adwin White
e595f3d13f Add cache for allocate_str 2024-07-14 22:11:46 +08:00