fix(core): const_allocate now handles the runtime case by returning a null pointer

The change to `const_allocate`'s behavior was introduced by
[rust-lang/rust#92274][1].

This means two things: For one, we no longer need `const_eval_select`
to keep the compiler from panicking. For two, it can now return a null
pointer, for which we must be prepared.

[1]: rust-lang/rust#92274

Author: yvt

src/r3_core/src/closure.rs

@@ -116,6 +116,14 @@ impl Closure {
     /// C1.call();
     /// C2.call();
     /// ```
+    ///
+    /// Don't call it at runtime:
+    ///
+    /// ```rust,should_panic
+    /// use r3_core::closure::Closure;
+    /// let x = [1, 2, 3];
+    /// Closure::from_fn_const(move || { let _x = x; });
+    /// ```
     pub const fn from_fn_const<T: FnOnce() + Copy + Send + 'static>(func: T) -> Self {
         let size = size_of::<T>();
         let align = align_of::<T>();
@@ -128,6 +136,10 @@ impl Closure {
                 Self::from_raw_parts(trampoline_zst::<T>, ClosureEnv(None))
             } else {
                 let env = core::intrinsics::const_allocate(size, align);
+                assert!(
+                    !env.guaranteed_eq(core::ptr::null_mut()),
+                    "heap allocation failed"
+                );
                 env.cast::<T>().write(func);
                 Self::from_raw_parts(trampoline_indirect::<T>, transmute(env))
             }

src/r3_core/src/lib.rs

@@ -13,7 +13,6 @@
 #![feature(const_raw_ptr_comparison)]
 #![feature(const_ptr_offset_from)]
 #![feature(maybe_uninit_slice)]
-#![feature(const_eval_select)]
 #![feature(const_mut_refs)]
 #![feature(const_slice_from_raw_parts)]
 #![feature(const_option)]

src/r3_core/src/utils/alloc/allocator.rs

@@ -462,17 +462,7 @@ unsafe impl const rlsf::FlexSource for ConstFlexSource {
 
         assert!(min_size != 0);
 
-        // FIXME: Directly calling `const_allocate` from here causes the
-        //        compiler to panic
-        // Safety: `const_allocate_{in_const, at_rt}` behave observably
-        //         equivalent... if their results are ever observed.
-        let ptr = unsafe {
-            core::intrinsics::const_eval_select(
-                (size, BLOCK_SIZE),
-                const_allocate_in_const,
-                const_allocate_at_rt,
-            )
-        };
+        let ptr = unsafe { core::intrinsics::const_allocate(size, BLOCK_SIZE) };
 
         // FIXME: `NonNull::new` is not `const fn` yet
         assert!(!ptr.guaranteed_eq(core::ptr::null_mut()));
@@ -485,12 +475,3 @@ unsafe impl const rlsf::FlexSource for ConstFlexSource {
         BLOCK_SIZE
     }
 }
-
-const fn const_allocate_in_const(size: usize, align: usize) -> *mut u8 {
-    // Safety: Technically it's not `unsafe`
-    unsafe { core::intrinsics::const_allocate(size, align) }
-}
-
-fn const_allocate_at_rt(_: usize, _: usize) -> *mut u8 {
-    loop {}
-}

src/r3_kernel/src/lib.rs

@@ -10,7 +10,6 @@
 #![feature(generic_const_exprs)]
 #![feature(const_refs_to_cell)]
 #![feature(maybe_uninit_slice)]
-#![feature(const_eval_select)]
 #![feature(const_option_ext)]
 #![feature(const_ptr_as_ref)]
 #![feature(const_ptr_offset)]