Commit Graph

561 Commits

Author SHA1 Message Date
Matthias Krüger
96195a5e24
Rollup merge of #130342 - RalfJung:slice-idx-overflow, r=saethlin
interpret, miri: fix dealing with overflow during slice indexing and allocation

This is mostly to fix https://github.com/rust-lang/rust/issues/130284.

I then realized we're using somewhat sketchy arguments for a similar multiplication in `copy`/`copy_nonoverlapping`/`write_bytes`,  so I made them all share the same function that checks exactly the right thing. (The intrinsics would previously fail on allocations larger than `1 << 47` bytes... which are theoretically possible maybe? Anyway it seems conceptually wrong to use any other bound than `isize::MAX` here.)
2024-09-15 16:01:38 +02:00
Ralf Jung
49316f871c also stabilize const_refs_to_cell 2024-09-15 10:20:47 +02:00
Ralf Jung
3175cc2814 stabilize const_mut_refs 2024-09-15 09:51:32 +02:00
bors
4f1be92153 Auto merge of #129753 - folkertdev:stabilize-const-extern-fn, r=RalfJung
stabilize `const_extern_fn`

closes https://github.com/rust-lang/rust/issues/64926

tracking issue: https://github.com/rust-lang/rust/issues/64926
reference PR: https://github.com/rust-lang/reference/pull/1596

## Stabilizaton Report

### Summary

Using `const extern "Rust"` and `const extern "C"` was already stabilized (since version 1.62.0, see https://github.com/rust-lang/rust/pull/95346). This PR stabilizes the other calling conventions: it is now possible to write  `const unsafe extern "calling-convention" fn` and `const extern "calling-convention" fn` for any supported calling convention:

```rust
const extern "C-unwind" fn foo1(val: u8) -> u8 { val + 1}
const extern "stdcall" fn foo2(val: u8) -> u8 { val + 1}
const unsafe extern "C-unwind" fn bar1(val: bool) -> bool { !val }
const unsafe extern "stdcall" fn bar2(val: bool) -> bool { !val }
```

This can be used to const-ify an `extern fn`, or conversely, to make a `const fn` callable from external code.

r? T-lang

cc `@RalfJung`
2024-09-14 23:47:59 +00:00
bors
9b72238eb8 Auto merge of #128543 - RalfJung:const-interior-mut, r=fee1-dead
const-eval interning: accept interior mutable pointers in final value

…but keep rejecting mutable references

This fixes https://github.com/rust-lang/rust/issues/121610 by no longer firing the lint when there is a pointer with interior mutability in the final value of the constant. On stable, such pointers can be created with code like:
```rust
pub enum JsValue {
    Undefined,
    Object(Cell<bool>),
}
impl Drop for JsValue {
    fn drop(&mut self) {}
}
// This does *not* get promoted since `JsValue` has a destructor.
// However, the outer scope rule applies, still giving this 'static lifetime.
const UNDEFINED: &JsValue = &JsValue::Undefined;
```
It's not great to accept such values since people *might* think that it is legal to mutate them with unsafe code. (This is related to how "infectious" `UnsafeCell` is, which is a [wide open question](https://github.com/rust-lang/unsafe-code-guidelines/issues/236).) However, we [explicitly document](https://doc.rust-lang.org/reference/behavior-considered-undefined.html) that things created by `const` are immutable. Furthermore, we also accept the following even more questionable code without any lint today:
```rust
let x: &'static Option<Cell<i32>> = &None;
```
This is even more questionable since it does *not* involve a `const`, and yet still puts the data into immutable memory. We could view this as promotion [potentially introducing UB](https://github.com/rust-lang/unsafe-code-guidelines/issues/493). However, we've accepted this since ~forever and it's [too late to reject this now](https://github.com/rust-lang/rust/pull/122789); the pattern is just too useful.

So basically, if you think that `UnsafeCell` should be tracked fully precisely, then you should want the lint we currently emit to be removed, which this PR does. If you think `UnsafeCell` should "infect" surrounding `enum`s, the big problem is really https://github.com/rust-lang/unsafe-code-guidelines/issues/493 which does not trigger the lint -- the cases the lint triggers on are actually the "harmless" ones as there is an explicit surrounding `const` explaining why things end up being immutable.

What all this goes to show is that the hard error added in https://github.com/rust-lang/rust/pull/118324 (later turned into the future-compat lint that I am now suggesting we remove) was based on some wrong assumptions, at least insofar as it concerns shared references. Furthermore, that lint does not help at all for the most problematic case here where the potential UB is completely implicit. (In fact, the lint is actively in the way of [my preferred long-term strategy](https://github.com/rust-lang/unsafe-code-guidelines/issues/493#issuecomment-2028674105) for dealing with this UB.) So I think we should go back to square one and remove that error/lint for shared references. For mutable references, it does seem to work as intended, so we can keep it. Here it serves as a safety net in case the static checks that try to contain mutable references to the inside of a const initializer are not working as intended; I therefore made the check ICE to encourage users to tell us if that safety net is triggered.

Closes https://github.com/rust-lang/rust/issues/122153 by removing the lint.

Cc `@rust-lang/opsem` `@rust-lang/lang`
2024-09-14 21:11:04 +00:00
Folkert de Vries
a528f4ecd9 stabilize const_extern_fn 2024-09-14 18:07:06 +02:00
Ralf Jung
3b806d337c interpret: fix dealing with overflow during slice indexing 2024-09-14 10:00:07 +02:00
bors
d3a8524e80 Auto merge of #129137 - camelid:lazy-def-macro-const, r=BoxyUwU
Fix anon const def-creation when macros are involved

Fixes #128016.

Ever since #125915, some `ast::AnonConst`s turn into `hir::ConstArgKind::Path`s,
which don't have associated `DefId`s. To deal with the fact that we don't have
resolution information in `DefCollector`, we decided to implement a process
where if the anon const *appeared* to be trivial (i.e., `N` or `{ N }`), we
would avoid creating a def for it in `DefCollector`. If later, in AST lowering,
we realized it turned out to be a unit struct literal, or we were lowering it
to something that didn't use `hir::ConstArg`, we'd create its def there.

However, let's say we have a macro `m!()` that expands to a reference to a free
constant `FOO`. If we use `m!()` in the body of an anon const (e.g., `Foo<{ m!() }>`),
then in def collection, it appears to be a nontrivial anon const and we create
a def. But the macro expands to something that looks like a trivial const arg,
but is not, so in AST lowering we "fix" the mistake we assumed def collection
made and create a def for it. This causes a duplicate definition ICE.

The long-term fix for this is to delay the creation of defs for all expression-like
nodes until AST lowering (see #128844 for an incomplete attempt at this). This
would avoid issues like this one that are caused by hacky workarounds. However,
doing this uncovers a pre-existing bug with opaque types that is quite involved
to fix (see #129023).

In the meantime, this PR fixes the bug by delaying def creation for anon consts
whose bodies are macro invocations until after we expand the macro and know
what is inside it. This is accomplished by adding information to create the
anon const's def to the data in `Resolver.invocation_parents`.

r? `@BoxyUwU`
2024-09-13 01:10:51 +00:00
Noah Lev
e0bd01167e Re-enable ConstArgKind::Path lowering by default
...and remove the `const_arg_path` feature gate as a result. It was only
a stopgap measure to fix the regression that the new lowering introduced
(which should now be fixed by this PR).
2024-09-12 13:56:01 -04:00
Matthias Krüger
4428d6f363
Rollup merge of #130101 - RalfJung:const-cleanup, r=fee1-dead
some const cleanup: remove unnecessary attributes, add const-hack indications

I learned that we use `FIXME(const-hack)` on top of the "const-hack" label. That seems much better since it marks the right place in the code and moves around with the code. So I went through the PRs with that label and added appropriate FIXMEs in the code. IMO this means we can then remove the label -- Cc ``@rust-lang/wg-const-eval.``

I also noticed some const stability attributes that don't do anything useful, and removed them.

r? ``@fee1-dead``
2024-09-12 19:03:41 +02:00
Jubilee
312b597a7e
Rollup merge of #129835 - RalfJung:float-tests, r=workingjubilee
enable const-float-classify test, and test_next_up/down on 32bit x86

The  test_next_up/down tests have been disabled on all 32bit x86 targets, which goes too far -- they should definitely work on our (tier 1) i686 target, it is only without SSE that we might run into trouble due to https://github.com/rust-lang/rust/issues/114479. However, I cannot reproduce that trouble any more -- maybe that got fixed by https://github.com/rust-lang/rust/pull/123351?

The  const-float-classify test relied on const traits "because we can", and got disabled when const traits got removed. That's an unfortunate reduction in test coverage of our float functionality, so let's restore the test in a way that does not rely on const traits.

The const-float tests are actually testing runtime behavior as well, and I don't think that runtime behavior is covered anywhere else. Probably they shouldn't be called "const-float", but we don't have a `tests/ui/float` folder... should I create one and move them there? Are there any other ui tests that should be moved there?

I also removed some FIXME referring to not use x87 for Rust-to-Rust-calls -- that has happened in #123351 so this got fixed indeed. Does that mean we can simplify all that float code again? I am not sure how to test it. Is running the test suite with an i586 target enough?

Cc ```@tgross35``` ```@workingjubilee```
2024-09-11 15:53:21 -07:00
Jubilee Young
c40ee79b84 move float tests into their own dir 2024-09-10 16:05:37 -07:00
Ralf Jung
123757ae07 turn errors that should be impossible due to our static checks into ICEs 2024-09-10 10:27:30 +02:00
Ralf Jung
f76f128dc9 const-eval interning: accpt interior mutable pointers in final value (but keep rejecting mutable references) 2024-09-10 10:26:16 +02:00
Scott McMurray
d2309c2a9d Ban non-array SIMD 2024-09-09 19:39:43 -07:00
Ralf Jung
7a3a317618 remove const_slice_index annotations, it never had a feature gate anyway 2024-09-08 23:08:43 +02:00
Ralf Jung
11d51aae86 const: make ptr.is_null() stop execution on ambiguity 2024-09-08 19:07:46 +02:00
Matthias Krüger
3b2139bdb1
Rollup merge of #129555 - RalfJung:const_float_bits_conv, r=dtolnay
stabilize const_float_bits_conv

This stabilizes `const_float_bits_conv`, and thus fixes https://github.com/rust-lang/rust/issues/72447. With https://github.com/rust-lang/rust/pull/128596 having landed, this is entirely a libs-only question now.

```rust
impl f32 {
    pub const fn to_bits(self) -> u32;
    pub const fn from_bits(v: u32) -> Self;
    pub const fn to_be_bytes(self) -> [u8; 4];
    pub const fn to_le_bytes(self) -> [u8; 4]
    pub const fn to_ne_bytes(self) -> [u8; 4];
    pub const fn from_be_bytes(bytes: [u8; 4]) -> Self;
    pub const fn from_le_bytes(bytes: [u8; 4]) -> Self;
    pub const fn from_ne_bytes(bytes: [u8; 4]) -> Self;
}

impl f64 {
    pub const fn to_bits(self) -> u64;
    pub const fn from_bits(v: u64) -> Self;
    pub const fn to_be_bytes(self) -> [u8; 8];
    pub const fn to_le_bytes(self) -> [u8; 8]
    pub const fn to_ne_bytes(self) -> [u8; 8];
    pub const fn from_be_bytes(bytes: [u8; 8]) -> Self;
    pub const fn from_le_bytes(bytes: [u8; 8]) -> Self;
    pub const fn from_ne_bytes(bytes: [u8; 8]) -> Self;
}
````

Cc `@rust-lang/wg-const-eval` `@rust-lang/libs-api`
2024-09-07 23:30:11 +02:00
Folkert de Vries
f7679d0507 propagate tainted_by_errors in MirBorrowckCtxt::emit_errors 2024-09-04 20:06:33 +02:00
Ralf Jung
19908ff7a3 stabilize const_float_bits_conv 2024-09-01 12:38:59 +02:00
Matthias Krüger
1063c0dd37
Rollup merge of #129207 - GrigorenkoPV:elided-is-named, r=cjgillot
Lint that warns when an elided lifetime ends up being a named lifetime

As suggested in https://github.com/rust-lang/rust/issues/48686#issuecomment-1817334575

Fixes #48686
2024-09-01 03:58:03 +02:00
bors
a7399ba69d Auto merge of #129831 - matthiaskrgr:rollup-befq6zx, r=matthiaskrgr
Rollup of 11 pull requests

Successful merges:

 - #128523 (Add release notes for 1.81.0)
 - #129605 (Add missing `needs-llvm-components` directives for run-make tests that need target-specific codegen)
 - #129650 (Clean up `library/profiler_builtins/build.rs`)
 - #129651 (skip stage 0 target check if `BOOTSTRAP_SKIP_TARGET_SANITY` is set)
 - #129684 (Enable Miri to pass pointers through FFI)
 - #129762 (Update the `wasm-component-ld` binary dependency)
 - #129782 (couple more crash tests)
 - #129816 (tidy: say which feature gate has a stability issue mismatch)
 - #129818 (make the const-unstable-in-stable error more clear)
 - #129824 (Fix code examples buttons not appearing on click on mobile)
 - #129826 (library: Fix typo in `core::mem`)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-08-31 20:59:27 +00:00
Ralf Jung
e3b1966137 make the const-unstable-in-stable error more clear 2024-08-31 15:11:48 +02:00
Matthias Krüger
ea5bb99c0f
Rollup merge of #129659 - RalfJung:const-fn-lang-feat, r=fee1-dead
const fn stability checking: also check declared language features

Fixes https://github.com/rust-lang/rust/issues/129656

`@oli-obk` I assume it is just an oversight that this didn't use `features().declared()`? Or is there a deep reason that this must only check `declared_lib_features`?
2024-08-31 14:46:06 +02:00
Pavel Grigorenko
a9b959a020 elided_named_lifetimes: bless & add tests 2024-08-31 15:35:42 +03:00
Ralf Jung
c2984179d9 const fn stability checking: also check declared language features 2024-08-31 12:14:05 +02:00
Matthias Krüger
39e840f804
Rollup merge of #129613 - RalfJung:interpret-target-feat, r=saethlin
interpret: do not make const-eval query result depend on tcx.sess

The check against calling functions with missing target features uses `tcx.sess` to determine which target features are available. However, this can differ between different crates in a crate graph, so the same const-eval query can come to different conclusions about whether a constant evaluates successfully or not -- which is bad, we should consistently get the same result everywhere.
2024-08-28 17:12:17 +02:00
Matthias Krüger
849c240c1e
Rollup merge of #129507 - RalfJung:per-fn-const_precise_live_drops, r=wesleywiser
make it possible to enable const_precise_live_drops per-function

This makes const_precise_live_drops work with rustc_allow_const_fn_unstable so that we can stabilize individual functions that rely on const_precise_live_drops.

The goal is that we can use that to stabilize some of https://github.com/rust-lang/rust/issues/67441 without having to stabilize const_precise_live_drops.
2024-08-27 18:59:27 +02:00
Matthias Krüger
dedfb35711
Rollup merge of #129190 - rezwanahmedsami:master, r=tgross35
Add f16 and f128 to tests/ui/consts/const-float-bits-conv.rs

Fixes #129163

try-job: x86_64-msvc
try-job: x86_64-mingw
try-job: i686-msvc
try-job: i686-mingw
2024-08-26 17:25:31 +02:00
Ralf Jung
7a290fce90 interpret: do not make const-eval query result depend on tcx.sess 2024-08-26 17:08:52 +02:00
Ralf Jung
ba24121ad6 tweak rustc_allow_const_fn_unstable hint, and add back test for stable-const-can-only-call-stable-const 2024-08-25 13:50:55 +02:00
Ralf Jung
5412499ad5 make it possible to enable const_precise_live_drops per-function 2024-08-25 13:49:16 +02:00
Matthias Krüger
c0bedb9e5e
Rollup merge of #129246 - BoxyUwU:feature_gate_const_arg_path, r=cjgillot
Retroactively feature gate `ConstArgKind::Path`

This puts the lowering introduced by #125915 under a feature gate until we fix the regressions introduced by it. Alternative to whole sale reverting the PR since it didn't seem like a very clean revert and I think this is generally a step in the right direction and don't want to get stuck landing and reverting the PR over and over :)

cc #129137 ``@camelid,`` tests taken from there. beta is branching soon so I think it makes sense to not try and rush that fix through since it wont have much time to bake and if it has issues we can't simply revert it on beta.

Fixes #128016
2024-08-24 22:14:12 +02:00
Matthias Krüger
05b8bcc662
Rollup merge of #129199 - RalfJung:writes_through_immutable_pointer, r=compiler-errors
make writes_through_immutable_pointer a hard error

This turns the lint added in https://github.com/rust-lang/rust/pull/118324 into a hard error. This has been reported in cargo's future-compat reports since Rust 1.76 (released in February). Given that const_mut_refs is still unstable, it should be impossible to even hit this error on stable: we did accidentally stabilize some functions that can cause this error, but that got reverted in https://github.com/rust-lang/rust/pull/117905. Still, let's do a crater run just to be sure.

Given that this should only affect unstable code, I don't think it needs an FCP, but let's Cc ``@rust-lang/lang`` anyway -- any objection to making this unambiguous UB into a hard error during const-eval? This can be viewed as part of https://github.com/rust-lang/rust/pull/129195 which is already nominated for discussion.
2024-08-24 22:14:12 +02:00
Matthias Krüger
0dfdea1c45
Rollup merge of #128596 - RalfJung:const_fn_floating_point_arithmetic, r=nnethercote
stabilize const_fn_floating_point_arithmetic

Part of https://github.com/rust-lang/rust/issues/128288
Fixes https://github.com/rust-lang/rust/issues/57241

The existing test `tests/ui/consts/const_let_eq_float.rs`  ([link](https://github.com/RalfJung/rust/blob/const_fn_floating_point_arithmetic/tests/ui/consts/const_let_eq_float.rs)) covers the basics, and also Miri has extensive tests covering the interpreter's float machinery. Also, that machinery can already be used on stable inside `const`/`static` initializers, just not inside `const fn`.

This was explicitly called out in https://github.com/rust-lang/rfcs/pull/3514 so in a sense t-lang just recently already FCP'd this, but let's hear from them whether they want another FCP for the stabilization here or whether that was covered by the FCP for the RFC.
Cc ``@rust-lang/lang``

### Open items

- [x] Update the Reference: https://github.com/rust-lang/reference/pull/1566
2024-08-24 22:14:11 +02:00
Ralf Jung
ebfa3e3f62 stabilize const_fn_floating_point_arithmetic 2024-08-22 08:25:54 +02:00
Camille GILLOT
ca7c55f050 Do not rely on names to find lifetimes. 2024-08-22 02:20:05 +00:00
Matthias Krüger
9bb17d345a
Rollup merge of #129281 - Nadrieril:tweak-unreachable-lint-wording, r=estebank
Tweak unreachable lint wording

Some tweaks to the notes added in https://github.com/rust-lang/rust/pull/128034.

r? `@estebank`
2024-08-21 18:15:03 +02:00
Nadrieril
25964b541e Reword the "unreachable pattern" explanations 2024-08-19 21:39:57 +02:00
Boxy
b8eedfa3d2 Retroactively feature gate ConstArgKind::Path 2024-08-19 01:14:22 +01:00
Ralf Jung
79503dd742 stabilize raw_ref_op 2024-08-18 19:46:53 +02:00
Rezwan ahmed sami
9f39427228 Added #[cfg(target_arch = x86_64)] to f16 and f128 2024-08-18 11:12:40 +06:00
Rezwan ahmed sami
803cbaf5fb Add f16 and f128 to tests/ui/consts/const-float-bits-conv.rs 2024-08-18 01:11:18 +06:00
Ralf Jung
8b642a1883 make writes_through_immutable_pointer a hard error 2024-08-17 14:49:35 +02:00
Ralf Jung
5f33085a7f more clear NAN names and fix broken_floats logic
Co-authored-by: Jubilee <46493976+workingjubilee@users.noreply.github.com>
2024-08-17 10:26:59 +02:00
Ralf Jung
53e1a2ee46 disable problematic float-conv tests in i586 targets
also fix typo in const-float-bits-conv
2024-08-17 10:26:53 +02:00
Ralf Jung
368a4c6808 float to/from bits and classify: update comments regarding non-conformant hardware 2024-08-16 10:11:36 +02:00
bors
591ecb88df Auto merge of #128742 - RalfJung:miri-vtable-uniqueness, r=saethlin
miri: make vtable addresses not globally unique

Miri currently gives vtables a unique global address. That's not actually matching reality though. So this PR enables Miri to generate different addresses for the same type-trait pair.

To avoid generating an unbounded number of `AllocId` (and consuming unbounded amounts of memory), we use the "salt" technique that we also already use for giving constants non-unique addresses: the cache is keyed on a "salt" value n top of the actually relevant key, and Miri picks a random salt (currently in the range `0..16`) each time it needs to choose an `AllocId` for one of these globals -- that means we'll get up to 16 different addresses for each vtable. The salt scheme is integrated into the global allocation deduplication logic in `tcx`, and also used for functions and string literals. (So this also fixes the problem that casting the same function to a fn ptr over and over will consume unbounded memory.)

r? `@saethlin`
Fixes https://github.com/rust-lang/miri/issues/3737
2024-08-13 04:32:34 +00:00
Nadrieril
99468bb760 Update tests 2024-08-10 12:07:17 +02:00
Ralf Jung
9a233bb9dd interpret: make identity upcasts a NOP again to avoid them generating a new random vtable 2024-08-09 18:48:45 +02:00