Auto merge of rust-lang#120594 - saethlin:delayed-debug-asserts, r=<try>

Toggle assert_unsafe_precondition in codegen instead of expansion

r? `@ghost`

rust-lang#120539 (comment)

Author: bors

compiler/rustc_codegen_cranelift/src/intrinsics/mod.rs

@@ -438,6 +438,14 @@ fn codegen_regular_intrinsic_call<'tcx>(
             fx.bcx.ins().trap(TrapCode::User(0));
             return;
         }
+        sym::debug_assertions => {
+            let bool_layout = fx.layout_of(fx.tcx.types.bool);
+            let val = CValue::by_val(
+                fx.bcx.ins().iconst(types::I8, fx.tcx.sess.opts.debug_assertions as i64),
+                bool_layout,
+            );
+            ret.write_cvalue(fx, val);
+        }
         sym::likely | sym::unlikely => {
             intrinsic_args!(fx, args => (a); intrinsic);
 

compiler/rustc_codegen_ssa/src/mir/block.rs

@@ -676,7 +676,6 @@ impl<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>> FunctionCx<'a, 'tcx, Bx> {
         instance: Option<Instance<'tcx>>,
         source_info: mir::SourceInfo,
         target: Option<mir::BasicBlock>,
-        unwind: mir::UnwindAction,
         mergeable_succ: bool,
     ) -> Option<MergingSucc> {
         // Emit a panic or a no-op for `assert_*` intrinsics.
@@ -715,17 +714,19 @@ impl<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>> FunctionCx<'a, 'tcx, Bx> {
                     common::build_langcall(bx, Some(source_info.span), LangItem::PanicNounwind);
 
                 // Codegen the actual panic invoke/call.
-                helper.do_call(
+                let merging_succ = helper.do_call(
                     self,
                     bx,
                     fn_abi,
                     llfn,
                     &[msg.0, msg.1],
-                    target.as_ref().map(|bb| (ReturnDest::Nothing, *bb)),
-                    unwind,
+                    None,
+                    mir::UnwindAction::Unreachable,
                     &[],
-                    mergeable_succ,
-                )
+                    false,
+                );
+                assert_eq!(merging_succ, MergingSucc::False);
+                merging_succ
             } else {
                 // a NOP
                 let target = target.unwrap();
@@ -809,7 +810,6 @@ impl<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>> FunctionCx<'a, 'tcx, Bx> {
             instance,
             source_info,
             target,
-            unwind,
             mergeable_succ,
         ) {
             return merging_succ;

compiler/rustc_codegen_ssa/src/mir/intrinsic.rs

@@ -84,6 +84,7 @@ impl<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>> FunctionCx<'a, 'tcx, Bx> {
                 return;
             }
 
+            sym::debug_assertions => bx.const_bool(bx.tcx().sess.opts.debug_assertions),
             sym::va_start => bx.va_start(args[0].immediate()),
             sym::va_end => bx.va_end(args[0].immediate()),
             sym::size_of_val => {

compiler/rustc_const_eval/src/const_eval/machine.rs

@@ -536,6 +536,11 @@ impl<'mir, 'tcx> interpret::Machine<'mir, 'tcx> for CompileTimeInterpreter<'mir,
             // (We know the value here in the machine of course, but this is the runtime of that code,
             // not the optimization stage.)
             sym::is_val_statically_known => ecx.write_scalar(Scalar::from_bool(false), dest)?,
+
+            sym::debug_assertions => {
+                ecx.write_scalar(Scalar::from_bool(ecx.tcx.sess.opts.debug_assertions), dest)?
+            }
+
             _ => {
                 throw_unsup_format!(
                     "intrinsic `{intrinsic_name}` is not supported at compile-time"

compiler/rustc_hir_analysis/src/check/intrinsic.rs

@@ -112,7 +112,8 @@ pub fn intrinsic_operation_unsafety(tcx: TyCtxt<'_>, intrinsic_id: DefId) -> hir
         | sym::forget
         | sym::black_box
         | sym::variant_count
-        | sym::ptr_mask => hir::Unsafety::Normal,
+        | sym::ptr_mask
+        | sym::debug_assertions => hir::Unsafety::Normal,
         _ => hir::Unsafety::Unsafe,
     };
 
@@ -461,6 +462,8 @@ pub fn check_intrinsic_type(tcx: TyCtxt<'_>, it: &hir::ForeignItem<'_>) {
                 (0, vec![Ty::new_imm_ptr(tcx, Ty::new_unit(tcx))], tcx.types.usize)
             }
 
+            sym::debug_assertions => (0, Vec::new(), tcx.types.bool),
+
             other => {
                 tcx.dcx().emit_err(UnrecognizedIntrinsicFunction { span: it.span, name: other });
                 return;

library/core/src/intrinsics.rs

@@ -2569,6 +2569,12 @@ extern "rust-intrinsic" {
     #[rustc_nounwind]
     #[cfg(not(bootstrap))]
     pub fn is_val_statically_known<T: Copy>(arg: T) -> bool;
+
+    #[rustc_const_unstable(feature = "delayed_debug_assertions", issue = "none")]
+    #[rustc_safe_intrinsic]
+    #[rustc_nounwind]
+    #[cfg(not(bootstrap))]
+    pub(crate) fn debug_assertions() -> bool;
 }
 
 // FIXME: Seems using `unstable` here completely ignores `rustc_allow_const_fn_unstable`
@@ -2604,27 +2610,37 @@ pub const unsafe fn is_val_statically_known<T: Copy>(_arg: T) -> bool {
 ///
 /// So in a sense it is UB if this macro is useful, but we expect callers of `unsafe fn` to make
 /// the occasional mistake, and this check should help them figure things out.
-#[allow_internal_unstable(const_eval_select)] // permit this to be called in stably-const fn
+#[allow_internal_unstable(const_eval_select, delayed_debug_assertions)] // permit this to be called in stably-const fn
 macro_rules! assert_unsafe_precondition {
     ($name:expr, $([$($tt:tt)*])?($($i:ident:$ty:ty),*$(,)?) => $e:expr $(,)?) => {
-        if cfg!(debug_assertions) {
-            // allow non_snake_case to allow capturing const generics
-            #[allow(non_snake_case)]
-            #[inline(always)]
-            fn runtime$(<$($tt)*>)?($($i:$ty),*) {
-                if !$e {
-                    // don't unwind to reduce impact on code size
-                    ::core::panicking::panic_nounwind(
-                        concat!("unsafe precondition(s) violated: ", $name)
-                    );
-                }
+        {
+        // allow non_snake_case to allow capturing const generics
+        #[allow(non_snake_case)]
+        #[inline(always)]
+        fn runtime$(<$($tt)*>)?($($i:$ty),*) {
+            #[cfg(miri)]
+            return;
+            if !$e {
+                // don't unwind to reduce impact on code size
+                ::core::panicking::panic_nounwind(
+                    concat!("unsafe precondition(s) violated: ", $name)
+                );
             }
-            #[allow(non_snake_case)]
-            #[inline]
-            const fn comptime$(<$($tt)*>)?($(_:$ty),*) {}
+        }
+        #[allow(non_snake_case)]
+        #[inline]
+        const fn comptime$(<$($tt)*>)?($(_:$ty),*) {}
 
+        #[cfg(bootstrap)]
+        if cfg!(debug_assertions) {
             ::core::intrinsics::const_eval_select(($($i,)*), comptime, runtime);
         }
+
+        #[cfg(not(bootstrap))]
+        if ::core::intrinsics::debug_assertions() {
+            ::core::intrinsics::const_eval_select(($($i,)*), comptime, runtime);
+        }
+        }
     };
 }
 pub(crate) use assert_unsafe_precondition;
@@ -2633,19 +2649,20 @@ pub(crate) use assert_unsafe_precondition;
 /// `align_of::<T>()`.
 #[inline]
 pub(crate) fn is_aligned_and_not_null<T>(ptr: *const T) -> bool {
-    !ptr.is_null() && ptr.is_aligned()
+    ((ptr.addr() & const { crate::mem::align_of::<T>() - 1 }) == 0) & (ptr.addr() != 0)
 }
 
+/*
 /// Checks whether an allocation of `len` instances of `T` exceeds
 /// the maximum allowed allocation size.
 #[inline]
 pub(crate) fn is_valid_allocation_size<T>(len: usize) -> bool {
-    let max_len = const {
+    len <= const {
         let size = crate::mem::size_of::<T>();
         if size == 0 { usize::MAX } else { isize::MAX as usize / size }
     };
-    len <= max_len
 }
+*/
 
 /// Checks whether the regions of memory starting at `src` and `dst` of size
 /// `count * size_of::<T>()` do *not* overlap.
@@ -2763,6 +2780,7 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
     // SAFETY: the safety contract for `copy_nonoverlapping` must be
     // upheld by the caller.
     unsafe {
+        /*
         assert_unsafe_precondition!(
             "ptr::copy_nonoverlapping requires that both pointer arguments are aligned and non-null \
             and the specified memory ranges do not overlap",
@@ -2771,6 +2789,7 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
                 && is_aligned_and_not_null(dst)
                 && is_nonoverlapping(src, dst, count)
         );
+        */
         copy_nonoverlapping(src, dst, count)
     }
 }
@@ -2858,11 +2877,13 @@ pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
 
     // SAFETY: the safety contract for `copy` must be upheld by the caller.
     unsafe {
+        /*
         assert_unsafe_precondition!(
             "ptr::copy requires that both pointer arguments are aligned and non-null",
             [T](src: *const T, dst: *mut T) =>
             is_aligned_and_not_null(src) && is_aligned_and_not_null(dst)
         );
+        */
         copy(src, dst, count)
     }
 }

library/core/src/ptr/mod.rs

@@ -1208,10 +1208,12 @@ pub const unsafe fn read<T>(src: *const T) -> T {
 
     // SAFETY: the caller must guarantee that `src` is valid for reads.
     unsafe {
+        /*
         assert_unsafe_precondition!(
             "ptr::read requires that the pointer argument is aligned and non-null",
             [T](src: *const T) => is_aligned_and_not_null(src)
         );
+        */
         crate::intrinsics::read_via_copy(src)
     }
 }
@@ -1408,10 +1410,12 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
     // `dst` cannot overlap `src` because the caller has mutable access
     // to `dst` while `src` is owned by this function.
     unsafe {
+        /*
         assert_unsafe_precondition!(
             "ptr::write requires that the pointer argument is aligned and non-null",
             [T](dst: *mut T) => is_aligned_and_not_null(dst)
         );
+        */
         intrinsics::write_via_move(dst, src)
     }
 }

library/core/src/ptr/non_null.rs

@@ -2,7 +2,7 @@ use crate::cmp::Ordering;
 use crate::fmt;
 use crate::hash;
 use crate::intrinsics;
-use crate::intrinsics::assert_unsafe_precondition;
+//use crate::intrinsics::assert_unsafe_precondition;
 use crate::marker::Unsize;
 use crate::mem::SizedTypeProperties;
 use crate::mem::{self, MaybeUninit};
@@ -218,7 +218,7 @@ impl<T: ?Sized> NonNull<T> {
     pub const unsafe fn new_unchecked(ptr: *mut T) -> Self {
         // SAFETY: the caller must guarantee that `ptr` is non-null.
         unsafe {
-            assert_unsafe_precondition!("NonNull::new_unchecked requires that the pointer is non-null", [T: ?Sized](ptr: *mut T) => !ptr.is_null());
+            //assert_unsafe_precondition!("NonNull::new_unchecked requires that the pointer is non-null", [T: ?Sized](ptr: *mut T) => !ptr.is_null());
             NonNull { pointer: ptr as _ }
         }
     }

library/core/src/slice/raw.rs

@@ -1,9 +1,11 @@
 //! Free functions to create `&[T]` and `&mut [T]`.
 
 use crate::array;
+/*
 use crate::intrinsics::{
     assert_unsafe_precondition, is_aligned_and_not_null, is_valid_allocation_size,
 };
+*/
 use crate::ops::Range;
 use crate::ptr;
 
@@ -94,11 +96,13 @@ use crate::ptr;
 pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
     // SAFETY: the caller must uphold the safety contract for `from_raw_parts`.
     unsafe {
+        /*
         assert_unsafe_precondition!(
             "slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
             [T](data: *const T, len: usize) => is_aligned_and_not_null(data)
                 && is_valid_allocation_size::<T>(len)
         );
+        */
         &*ptr::slice_from_raw_parts(data, len)
     }
 }
@@ -141,11 +145,13 @@ pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T]
 pub const unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a mut [T] {
     // SAFETY: the caller must uphold the safety contract for `from_raw_parts_mut`.
     unsafe {
+        /*
         assert_unsafe_precondition!(
             "slice::from_raw_parts_mut requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
             [T](data: *mut T, len: usize) => is_aligned_and_not_null(data)
                 && is_valid_allocation_size::<T>(len)
         );
+        */
         &mut *ptr::slice_from_raw_parts_mut(data, len)
     }
 }

tests/mir-opt/dataflow-const-prop/default_boxed_slice.main.DataflowConstProp.32bit.panic-abort.diff

@@ -25,28 +25,7 @@
                           scope 11 (inlined NonNull::<[bool; 0]>::new_unchecked) {
                               debug ptr => _6;
                               let mut _8: *const [bool; 0];
-                              let mut _9: *mut [bool; 0];
                               scope 12 {
-                                  scope 13 (inlined NonNull::<T>::new_unchecked::runtime::<[bool; 0]>) {
-                                      debug ptr => _9;
-                                      scope 14 (inlined std::ptr::mut_ptr::<impl *mut [bool; 0]>::is_null) {
-                                          debug self => _9;
-                                          let mut _10: *mut u8;
-                                          scope 15 {
-                                              scope 16 (inlined std::ptr::mut_ptr::<impl *mut T>::is_null::runtime_impl) {
-                                                  debug ptr => _10;
-                                                  scope 17 (inlined std::ptr::mut_ptr::<impl *mut u8>::addr) {
-                                                      debug self => _10;
-                                                      scope 18 {
-                                                          scope 19 (inlined std::ptr::mut_ptr::<impl *mut u8>::cast::<()>) {
-                                                              debug self => _10;
-                                                          }
-                                                      }
-                                                  }
-                                              }
-                                          }
-                                      }
-                                  }
                               }
                           }
                       }
@@ -74,12 +53,8 @@
           _6 = const {0x1 as *mut [bool; 0]};
           StorageDead(_7);
           StorageLive(_8);
-          StorageLive(_9);
-          StorageLive(_10);
           _8 = const {0x1 as *mut [bool; 0]} as *const [bool; 0] (PointerCoercion(MutToConstPointer));
           _5 = NonNull::<[bool; 0]> { pointer: _8 };
-          StorageDead(_10);
-          StorageDead(_9);
           StorageDead(_8);
           StorageDead(_6);
           _4 = Unique::<[bool; 0]> { pointer: move _5, _marker: const PhantomData::<[bool; 0]> };

tests/mir-opt/dataflow-const-prop/default_boxed_slice.main.DataflowConstProp.32bit.panic-unwind.diff

@@ -25,28 +25,7 @@
                           scope 11 (inlined NonNull::<[bool; 0]>::new_unchecked) {
                               debug ptr => _6;
                               let mut _8: *const [bool; 0];
-                              let mut _9: *mut [bool; 0];
                               scope 12 {
-                                  scope 13 (inlined NonNull::<T>::new_unchecked::runtime::<[bool; 0]>) {
-                                      debug ptr => _9;
-                                      scope 14 (inlined std::ptr::mut_ptr::<impl *mut [bool; 0]>::is_null) {
-                                          debug self => _9;
-                                          let mut _10: *mut u8;
-                                          scope 15 {
-                                              scope 16 (inlined std::ptr::mut_ptr::<impl *mut T>::is_null::runtime_impl) {
-                                                  debug ptr => _10;
-                                                  scope 17 (inlined std::ptr::mut_ptr::<impl *mut u8>::addr) {
-                                                      debug self => _10;
-                                                      scope 18 {
-                                                          scope 19 (inlined std::ptr::mut_ptr::<impl *mut u8>::cast::<()>) {
-                                                              debug self => _10;
-                                                          }
-                                                      }
-                                                  }
-                                              }
-                                          }
-                                      }
-                                  }
                               }
                           }
                       }
@@ -74,12 +53,8 @@
           _6 = const {0x1 as *mut [bool; 0]};
           StorageDead(_7);
           StorageLive(_8);
-          StorageLive(_9);
-          StorageLive(_10);
           _8 = const {0x1 as *mut [bool; 0]} as *const [bool; 0] (PointerCoercion(MutToConstPointer));
           _5 = NonNull::<[bool; 0]> { pointer: _8 };
-          StorageDead(_10);
-          StorageDead(_9);
           StorageDead(_8);
           StorageDead(_6);
           _4 = Unique::<[bool; 0]> { pointer: move _5, _marker: const PhantomData::<[bool; 0]> };