Clean up library/ and infer unwind: unreachable

Author: saethlin

compiler/rustc_const_eval/src/const_eval/machine.rs

@@ -536,7 +536,6 @@ impl<'mir, 'tcx> interpret::Machine<'mir, 'tcx> for CompileTimeInterpreter<'mir,
             // (We know the value here in the machine of course, but this is the runtime of that code,
             // not the optimization stage.)
             sym::is_val_statically_known => ecx.write_scalar(Scalar::from_bool(false), dest)?,
-
             _ => {
                 throw_unsup_format!(
                     "intrinsic `{intrinsic_name}` is not supported at compile-time"

compiler/rustc_mir_transform/src/instsimplify.rs

@@ -2,10 +2,12 @@
 
 use crate::simplify::simplify_duplicate_switch_targets;
 use rustc_middle::mir::*;
+use rustc_middle::ty::layout;
 use rustc_middle::ty::layout::ValidityRequirement;
 use rustc_middle::ty::{self, GenericArgsRef, ParamEnv, Ty, TyCtxt};
 use rustc_span::symbol::Symbol;
 use rustc_target::abi::FieldIdx;
+use rustc_target::spec::abi::Abi;
 
 pub struct InstSimplify;
 
@@ -38,6 +40,7 @@ impl<'tcx> MirPass<'tcx> for InstSimplify {
                 block.terminator.as_mut().unwrap(),
                 &mut block.statements,
             );
+            ctx.simplify_nounwind_call(block.terminator.as_mut().unwrap());
             simplify_duplicate_switch_targets(block.terminator.as_mut().unwrap());
         }
     }
@@ -252,6 +255,28 @@ impl<'tcx> InstSimplifyContext<'tcx, '_> {
         terminator.kind = TerminatorKind::Goto { target: destination_block };
     }
 
+    fn simplify_nounwind_call(&self, terminator: &mut Terminator<'tcx>) {
+        let TerminatorKind::Call { func, unwind, .. } = &mut terminator.kind else {
+            return;
+        };
+
+        let Some((def_id, _)) = func.const_fn_def() else {
+            return;
+        };
+
+        let body_ty = self.tcx.type_of(def_id).skip_binder();
+        let body_abi = match body_ty.kind() {
+            ty::FnDef(..) => body_ty.fn_sig(self.tcx).abi(),
+            ty::Closure(..) => Abi::RustCall,
+            ty::Coroutine(..) => Abi::Rust,
+            _ => bug!("unexpected body ty: {:?}", body_ty),
+        };
+
+        if !layout::fn_can_unwind(self.tcx, Some(def_id), body_abi) {
+            *unwind = UnwindAction::Unreachable;
+        }
+    }
+
     fn simplify_intrinsic_assert(
         &self,
         terminator: &mut Terminator<'tcx>,

library/core/src/char/convert.rs

@@ -27,7 +27,7 @@ pub(super) const unsafe fn from_u32_unchecked(i: u32) -> char {
     unsafe {
         assert_unsafe_precondition!(
             "invalid value for `char`",
-            (i: u32) => char_try_from_u32(i).is_ok()
+            (i => i:u32) => char_try_from_u32(i).is_ok()
         );
         transmute(i)
     }

library/core/src/hint.rs

@@ -148,7 +148,7 @@ pub const unsafe fn assert_unchecked(cond: bool) {
     unsafe {
         intrinsics::assert_unsafe_precondition!(
             "hint::assert_unchecked must never be called when the condition is false",
-            (cond: bool) => cond,
+            (cond => cond: bool) => cond,
         );
         crate::intrinsics::assume(cond);
     }

library/core/src/intrinsics.rs

@@ -2617,22 +2617,22 @@ pub const unsafe fn is_val_statically_known<T: Copy>(_arg: T) -> bool {
 /// the occasional mistake, and this check should help them figure things out.
 #[allow_internal_unstable(const_eval_select, delayed_debug_assertions)] // permit this to be called in stably-const fn
 macro_rules! assert_unsafe_precondition {
-    ($name:expr, ($($i:ident:$ty:ty),*$(,)?) => $e:expr $(,)?) => {
+    ($message:expr, ($($arg:expr => $name:ident:$ty:ty),*$(,)?) => $e:expr $(,)?) => {
         {
         #[inline(never)]
-        fn precondition_check($($i:$ty),*) {
+        #[rustc_nounwind]
+        fn precondition_check($($name:$ty),*) {
             if !$e {
                 ::core::panicking::panic_nounwind(
-                    concat!("unsafe precondition(s) violated: ", $name)
+                    concat!("unsafe precondition(s) violated: ", $message)
                 );
             }
         }
-        #[allow(non_snake_case)]
         #[inline]
         const fn comptime($(_:$ty),*) {}
 
         if ::core::intrinsics::debug_assertions() {
-            ::core::intrinsics::const_eval_select(($($i,)*), comptime, precondition_check);
+            ::core::intrinsics::const_eval_select(($($arg,)*), comptime, precondition_check);
         }
         }
     };
@@ -2643,7 +2643,32 @@ pub(crate) use assert_unsafe_precondition;
 /// `align_of::<T>()`.
 #[inline]
 pub(crate) fn is_aligned_and_not_null(ptr: *const (), align: usize) -> bool {
-    ptr.is_aligned_to(align) && !ptr.is_null()
+    !ptr.is_null() && ptr.is_aligned_to(align)
+}
+
+#[inline]
+pub(crate) fn is_valid_allocation_size(size: usize, len: usize) -> bool {
+    let max_len = if size == 0 { usize::MAX } else { isize::MAX as usize / size };
+    len <= max_len
+}
+
+pub(crate) fn is_nonoverlapping_mono(
+    src: *const (),
+    dst: *const (),
+    size: usize,
+    count: usize,
+) -> bool {
+    let src_usize = src.addr();
+    let dst_usize = dst.addr();
+    let Some(size) = size.checked_mul(count) else {
+        crate::panicking::panic_nounwind(
+            "is_nonoverlapping: `size_of::<T>() * count` overflows a usize",
+        )
+    };
+    let diff = src_usize.abs_diff(dst_usize);
+    // If the absolute distance between the ptrs is at least as big as the size of the buffer,
+    // they do not overlap.
+    diff >= size
 }
 
 /// Checks whether the regions of memory starting at `src` and `dst` of size
@@ -2755,70 +2780,31 @@ pub(crate) fn is_nonoverlapping<T>(src: *const T, dst: *const T, count: usize) -
 #[inline(always)]
 #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
 #[rustc_diagnostic_item = "ptr_copy_nonoverlapping"]
-#[rustc_allow_const_fn_unstable(const_eval_select)]
 pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: usize) {
     extern "rust-intrinsic" {
         #[rustc_const_stable(feature = "const_intrinsic_copy", since = "1.63.0")]
         #[rustc_nounwind]
         pub fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: usize);
     }
 
-    const fn compiletime(_: *const (), _: *mut (), _: usize, _: usize, _: usize) {}
-
     // SAFETY: the safety contract for `copy_nonoverlapping` must be
     // upheld by the caller.
     unsafe {
-        if crate::intrinsics::debug_assertions() {
-            const_eval_select(
-                (
-                    src as *const (),
-                    dst as *mut (),
-                    crate::mem::size_of::<T>(),
-                    crate::mem::align_of::<T>(),
-                    count,
-                ),
-                compiletime,
-                check_aligned_nonoverlapping,
-            );
-        }
-        copy_nonoverlapping(src, dst, count)
-    }
-}
-
-#[inline(never)]
-pub(crate) fn check_aligned_nonoverlapping(
-    src: *const (),
-    dst: *mut (),
-    size: usize,
-    align: usize,
-    count: usize,
-) {
-    if src.is_null() || dst.is_null() {
-        crate::panicking::panic_nounwind(
-            "ptr::copy_nonoverlapping requires that both pointer arguments are non-null",
-        );
-    }
-    if !src.is_aligned_to(align) || !dst.is_aligned_to(align) {
-        crate::panicking::panic_nounwind(
-            "ptr::copy_nonoverlapping requires that both pointer arguments are aligned",
-        );
-    }
-    let src_usize = src.addr();
-    let dst_usize = dst.addr();
-    let Some(size) = size.checked_mul(count) else {
-        crate::panicking::panic_nounwind(
-            "is_nonoverlapping: `size_of::<T>() * count` overflows a usize",
-        )
-    };
-    let diff = src_usize.abs_diff(dst_usize);
-    // If the absolute distance between the ptrs is at least as big as the size of the buffer,
-    // they do not overlap.
-    let is_nonoverlapping = diff >= size;
-
-    if !is_nonoverlapping {
-        crate::panicking::panic_nounwind(
-            "ptr::copy_nonoverlapping requires the specified memory ranges do not overlap",
+        assert_unsafe_precondition!(
+            "ptr::copy_nonoverlapping requires that both pointer arguments are aligned and non-null \
+            and the specified memory ranges do not overlap",
+            (
+                src as *const () => src: *const (),
+                dst as *mut () => dst: *mut (),
+                size_of::<T>() => size: usize,
+                align_of::<T>() => align: usize,
+                count => count: usize,
+            ) =>
+            is_aligned_and_not_null(src, align)
+                && is_aligned_and_not_null(dst, align)
+                && is_nonoverlapping_mono(src, dst, size, count)
         );
+        copy_nonoverlapping(src, dst, count)
     }
 }
 
@@ -2896,41 +2882,27 @@ pub(crate) fn check_aligned_nonoverlapping(
 #[inline(always)]
 #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
 #[rustc_diagnostic_item = "ptr_copy"]
-#[rustc_allow_const_fn_unstable(const_eval_select)]
 pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
     extern "rust-intrinsic" {
         #[rustc_const_stable(feature = "const_intrinsic_copy", since = "1.63.0")]
         #[rustc_nounwind]
         fn copy<T>(src: *const T, dst: *mut T, count: usize);
     }
 
-    const fn compiletime(_: *const (), _: *mut (), _: usize) {}
-
     // SAFETY: the safety contract for `copy` must be upheld by the caller.
     unsafe {
-        if crate::intrinsics::debug_assertions() {
-            const_eval_select(
-                (src as *const (), dst as *mut (), align_of::<T>()),
-                compiletime,
-                check_valid_copy,
-            );
-        }
-        copy(src, dst, count)
-    }
-}
-
-#[inline(never)]
-#[rustc_nounwind]
-fn check_valid_copy(src: *const (), dst: *mut (), align: usize) {
-    if src.is_null() || dst.is_null() {
-        crate::panicking::panic_nounwind(
-            "ptr::copy requires that both pointer arguments are non-null",
-        );
-    }
-    if !src.is_aligned_to(align) || !dst.is_aligned_to(align) {
-        crate::panicking::panic_nounwind(
-            "ptr::copy requires that both pointer arguments are aligned",
+        assert_unsafe_precondition!(
+            "ptr::copy_nonoverlapping requires that both pointer arguments are aligned and non-null \
+            and the specified memory ranges do not overlap",
+            (
+                src as *const () => src: *const (),
+                dst as *mut () => dst: *mut (),
+                align_of::<T>() => align: usize,
+            ) =>
+            is_aligned_and_not_null(src, align)
+                && is_aligned_and_not_null(dst, align)
         );
+        copy(src, dst, count)
     }
 }
 
@@ -2997,13 +2969,14 @@ pub const unsafe fn write_bytes<T>(dst: *mut T, val: u8, count: usize) {
         fn write_bytes<T>(dst: *mut T, val: u8, count: usize);
     }
 
-    let addr = dst as *const ();
-    let align = align_of::<T>();
     // SAFETY: the safety contract for `write_bytes` must be upheld by the caller.
     unsafe {
         assert_unsafe_precondition!(
             "ptr::write_bytes requires that the destination pointer is aligned and non-null",
-            (addr: *const (), align: usize) => is_aligned_and_not_null(addr, align)
+            (
+                dst as *const () => addr: *const (),
+                align_of::<T>() => align: usize
+            ) => is_aligned_and_not_null(addr, align)
         );
         write_bytes(dst, val, count)
     }

library/core/src/num/nonzero.rs

@@ -190,10 +190,9 @@ macro_rules! nonzero_integer {
             pub unsafe fn from_mut_unchecked(n: &mut $Int) -> &mut Self {
                 // SAFETY: Self is repr(transparent), and the value is assumed to be non-zero.
                 unsafe {
-                    let n_alias = &mut *n;
                     core::intrinsics::assert_unsafe_precondition!(
                         concat!(stringify!($Ty), "::from_mut_unchecked requires the argument to dereference as non-zero"),
-                        (n_alias: &mut $Int) => *n_alias != 0
+                        (&mut *n => n: &mut $Int) => *n != 0
                     );
                     &mut *(n as *mut $Int as *mut Self)
                 }

library/core/src/ptr/const_ptr.rs

@@ -806,14 +806,15 @@ impl<T: ?Sized> *const T {
     where
         T: Sized,
     {
-        let this = self as *const ();
-        let arg = origin as *const ();
         // SAFETY: The comparison has no side-effects, and the intrinsic
         // does this check internally in the CTFE implementation.
         unsafe {
             assert_unsafe_precondition!(
                 "ptr::sub_ptr requires `self >= origin`",
-                (this: *const (), arg: *const ()) => this >= arg
+                (
+                    self as *const () => this: *const (),
+                    origin as *const () => origin: *const (),
+                ) => this >= origin
             )
         };