add overflow_checks intrinsic

Author: pitaj

compiler/rustc_hir_analysis/src/check/intrinsic.rs

@@ -120,6 +120,7 @@ fn intrinsic_operation_unsafety(tcx: TyCtxt<'_>, intrinsic_id: LocalDefId) -> hi
         | sym::contract_checks
         | sym::contract_check_requires
         | sym::contract_check_ensures
+        | sym::overflow_checks
         | sym::fadd_algebraic
         | sym::fsub_algebraic
         | sym::fmul_algebraic
@@ -591,7 +592,7 @@ pub(crate) fn check_intrinsic_type(
             sym::aggregate_raw_ptr => (3, 0, vec![param(1), param(2)], param(0)),
             sym::ptr_metadata => (2, 0, vec![Ty::new_imm_ptr(tcx, param(0))], param(1)),
 
-            sym::ub_checks => (0, 0, Vec::new(), tcx.types.bool),
+            sym::ub_checks | sym::overflow_checks => (0, 0, Vec::new(), tcx.types.bool),
 
             sym::box_new => (1, 0, vec![param(0)], Ty::new_box(tcx, param(0))),
 

compiler/rustc_middle/src/mir/pretty.rs

@@ -1138,6 +1138,9 @@ impl<'tcx> Debug for Rvalue<'tcx> {
                     NullOp::RuntimeChecks(RuntimeChecks::ContractChecks) => {
                         write!(fmt, "ContractChecks()")
                     }
+                    NullOp::RuntimeChecks(RuntimeChecks::OverflowChecks) => {
+                        write!(fmt, "OverflowChecks()")
+                    }
                 }
             }
             ThreadLocalRef(did) => ty::tls::with(|tcx| {

compiler/rustc_middle/src/mir/syntax.rs

@@ -1600,6 +1600,9 @@ pub enum RuntimeChecks {
     /// Returns whether we should perform contract-checking at runtime.
     /// See the `contract_checks` intrinsic docs for details.
     ContractChecks,
+    /// Returns whether we should perform some overflow-checking at runtime.
+    /// See the `overflow_checks` intrinsic docs for details.
+    OverflowChecks,
 }
 
 impl RuntimeChecks {

compiler/rustc_mir_transform/src/lower_intrinsics.rs

@@ -23,10 +23,11 @@ impl<'tcx> crate::MirPass<'tcx> for LowerIntrinsics {
                     sym::unreachable => {
                         terminator.kind = TerminatorKind::Unreachable;
                     }
-                    sym::ub_checks => {
+                    sym::ub_checks | sym::overflow_checks => {
                         let op = match intrinsic.name {
                             sym::ub_checks => RuntimeChecks::UbChecks,
                             sym::contract_checks => RuntimeChecks::ContractChecks,
+                            sym::overflow_checks => RuntimeChecks::OverflowChecks,
                             _ => unreachable!(),
                         };
                         let target = target.unwrap();

compiler/rustc_smir/src/rustc_smir/convert/mir.rs

@@ -295,6 +295,7 @@ impl<'tcx> Stable<'tcx> for mir::NullOp<'tcx> {
             RuntimeChecks(kind) => stable_mir::mir::NullOp::RuntimeChecks(match kind {
                 UbChecks => stable_mir::mir::RuntimeChecks::UbChecks,
                 ContractChecks => stable_mir::mir::RuntimeChecks::ContractChecks,
+                OverflowChecks => stable_mir::mir::RuntimeChecks::OverflowChecks,
             }),
         }
     }

compiler/rustc_smir/src/stable_mir/mir/body.rs

@@ -1049,6 +1049,8 @@ pub enum RuntimeChecks {
     UbChecks,
     /// cfg!(contract_checks), but at codegen time
     ContractChecks,
+    /// cfg!(overflow_checks), but at codegen time
+    OverflowChecks,
 }
 
 impl Operand {

library/core/src/intrinsics/mod.rs

@@ -3346,6 +3346,26 @@ pub const unsafe fn typed_swap_nonoverlapping<T>(x: *mut T, y: *mut T) {
 pub const fn ub_checks() -> bool {
     cfg!(ub_checks)
 }
+/// Returns whether we should perform some overflow-checking at runtime. This eventually evaluates to
+/// `cfg!(overflow_checks)`, but behaves different from `cfg!` when mixing crates built with different
+/// flags: if the crate has UB checks enabled or carries the `#[rustc_preserve_overflow_checks]`
+/// attribute, evaluation is delayed until monomorphization (or until the call gets inlined into
+/// a crate that does not delay evaluation further); otherwise it can happen any time.
+///
+/// The common case here is a user program built with overflow_checks linked against the distributed
+/// sysroot which is built without overflow_checks but with `#[rustc_preserve_overflow_checks]`.
+/// For code that gets monomorphized in the user crate (i.e., generic functions and functions with
+/// `#[inline]`), gating assertions on `overflow_checks()` rather than `cfg!(overflow_checks)` means that
+/// assertions are enabled whenever the *user crate* has UB checks enabled. However if the
+/// user has overflow checks disabled, the checks will still get optimized out.
+#[cfg(not(bootstrap))]
+#[rustc_const_unstable(feature = "const_overflow_checks", issue = "none")]
+#[unstable(feature = "const_overflow_checks", issue = "none")]
+#[inline(always)]
+#[rustc_intrinsic]
+pub const fn overflow_checks() -> bool {
+    cfg!(debug_assertions)
+}
 
 /// Allocates a block of memory at compile time.
 /// At runtime, just returns a null pointer.

tests/codegen/auxiliary/overflow_checks_add.rs

@@ -0,0 +1,14 @@
+//@ compile-flags: -Cdebug-assertions=yes
+
+#![crate_type = "lib"]
+#![feature(strict_overflow_ops)]
+#![feature(rustc_attrs)]
+#![feature(core_intrinsics)]
+
+/// Emulates the default behavior of `+` using
+/// `intrinsics::overflow_checks()`.
+#[inline]
+#[rustc_inherit_overflow_checks]
+pub fn add(a: u8, b: u8) -> u8 {
+    if core::intrinsics::overflow_checks() { a.strict_add(b) } else { a.wrapping_add(b) }
+}

tests/codegen/overflow-checks.rs

@@ -0,0 +1,29 @@
+// With -Coverflow-checks=yes (enabled by default by -Cdebug-assertions=yes) we will produce a
+// runtime check that panics when an operation would result in integer overflow.
+//
+// This test ensures that such a runtime check is *not* emitted when debug-assertions are enabled,
+// but overflow-checks are explicitly disabled. It also ensures that even if a dependency is
+// compiled with overflow checks, `intrinsics::overflow_checks()` will be treated with the
+// overflow-checks setting of the current crate (when `#[rustc_inherit_overflow_checks]`) is used.
+
+//@ aux-build:overflow_checks_add.rs
+//@ revisions: DEBUG NOCHECKS
+//@ [DEBUG] compile-flags:
+//@ [NOCHECKS] compile-flags: -Coverflow-checks=no
+//@ compile-flags: -O -Cdebug-assertions=yes
+
+#![crate_type = "lib"]
+
+extern crate overflow_checks_add;
+
+// CHECK-LABEL: @add(
+#[no_mangle]
+pub unsafe fn add(a: u8, b: u8) -> u8 {
+    //    CHECK: i8 noundef %a, i8 noundef %b
+    //    DEBUG: @llvm.uadd.with.overflow.i8
+    //    DEBUG: call core::num::overflow_panic::add
+    //    DEBUG: unreachable
+    // NOCHECKS: %0 = add i8 %b, %a
+    // NOCHECKS: ret i8 %0
+    overflow_checks_add::add(a, b)
+}