Allow reading a *mut without an internal cast

scottmcm · scottmcm · commit de0ebde6da0a · 2023-05-04T23:43:52.000-07:00
diff --git a/compiler/rustc_hir_analysis/src/check/intrinsic.rs b/compiler/rustc_hir_analysis/src/check/intrinsic.rs
@@ -380,7 +380,7 @@ pub fn check_intrinsic_type(tcx: TyCtxt<'_>, it: &hir::ForeignItem<'_>) {
             sym::likely => (0, vec![tcx.types.bool], tcx.types.bool),
             sym::unlikely => (0, vec![tcx.types.bool], tcx.types.bool),
 
-            sym::read_via_copy => (1, vec![tcx.mk_imm_ptr(param(0))], param(0)),
+            sym::read_via_copy => (2, vec![param(0)], param(1)),
             sym::write_via_move => (1, vec![tcx.mk_mut_ptr(param(0)), param(0)], tcx.mk_unit()),
 
             sym::discriminant_value => {
diff --git a/library/core/src/intrinsics.rs b/library/core/src/intrinsics.rs
@@ -54,8 +54,9 @@
 )]
 #![allow(missing_docs)]
 
-use crate::marker::DiscriminantKind;
-use crate::marker::Tuple;
+#[cfg(not(bootstrap))]
+use crate::marker::PointerLike;
+use crate::marker::{DiscriminantKind, Tuple};
 use crate::mem;
 
 pub mod mir;
@@ -1429,7 +1430,7 @@ extern "rust-intrinsic" {
     #[must_use = "returns a new pointer rather than modifying its argument"]
     #[rustc_const_stable(feature = "const_ptr_offset", since = "1.61.0")]
     #[rustc_nounwind]
-    pub fn offset<Ptr, Delta>(dst: Ptr, offset: Delta) -> Ptr;
+    pub fn offset<Ptr: PointerLike, Delta>(dst: Ptr, offset: Delta) -> Ptr;
 
     /// The bootstrap version of this is more restricted.
     #[cfg(bootstrap)]
@@ -2257,9 +2258,21 @@ extern "rust-intrinsic" {
     /// This is an implementation detail of [`crate::ptr::read`] and should
     /// not be used anywhere else.  See its comments for why this exists.
     ///
-    /// This intrinsic can *only* be called where the pointer is a local without
+    /// `Ptr` must be some kind of pointer to `T`.
+    ///
+    /// This intrinsic can *only* be called where the `ptr` is a local without
     /// projections (`read_via_copy(ptr)`, not `read_via_copy(*ptr)`) so that it
     /// trivially obeys runtime-MIR rules about derefs in operands.
+    ///
+    /// Not meeting the above requirements may arbitrarily misbehave, and
+    /// per MCP#620 that's *not* a compiler bug.
+    #[cfg(not(bootstrap))]
+    #[rustc_const_unstable(feature = "const_ptr_read", issue = "80377")]
+    #[rustc_nounwind]
+    pub fn read_via_copy<Ptr: PointerLike, T>(ptr: Ptr) -> T;
+
+    /// The bootstrap version of this intrinsic is more limited.
+    #[cfg(bootstrap)]
     #[rustc_const_unstable(feature = "const_ptr_read", issue = "80377")]
     #[rustc_nounwind]
     pub fn read_via_copy<T>(ptr: *const T) -> T;
diff --git a/library/core/src/mem/mod.rs b/library/core/src/mem/mod.rs
@@ -909,11 +909,12 @@ pub fn take<T: Default>(dest: &mut T) -> T {
 #[rustc_const_unstable(feature = "const_replace", issue = "83164")]
 #[cfg_attr(not(test), rustc_diagnostic_item = "mem_replace")]
 pub const fn replace<T>(dest: &mut T, src: T) -> T {
+    let dest: *mut T = dest;
     // SAFETY: We read from `dest` but directly write `src` into it afterwards,
     // such that the old value is not duplicated. Nothing is dropped and
     // nothing here can panic.
     unsafe {
-        let result = ptr::read(dest);
+        let result = ptr::read_mut(dest);
         ptr::write(dest, src);
         result
     }
diff --git a/library/core/src/ptr/mod.rs b/library/core/src/ptr/mod.rs
@@ -1168,7 +1168,23 @@ pub const unsafe fn read<T>(src: *const T) -> T {
             "ptr::read requires that the pointer argument is aligned and non-null",
             [T](src: *const T) => is_aligned_and_not_null(src)
         );
-        crate::intrinsics::read_via_copy(src)
+        intrinsics::read_via_copy(src)
+    }
+}
+
+/// Like [`read`], but on `*mut` to avoid a `&raw const*`.
+///
+/// # Safety
+///
+/// Same as [`read`].
+pub(crate) const unsafe fn read_mut<T>(src: *mut T) -> T {
+    // SAFETY: see `read` above
+    unsafe {
+        assert_unsafe_precondition!(
+            "ptr::read requires that the pointer argument is aligned and non-null",
+            [T](src: *mut T) => is_aligned_and_not_null(src)
+        );
+        intrinsics::read_via_copy(src)
     }
 }
 
diff --git a/library/core/src/ptr/mut_ptr.rs b/library/core/src/ptr/mut_ptr.rs
@@ -1312,8 +1312,8 @@ impl<T: ?Sized> *mut T {
     where
         T: Sized,
     {
-        // SAFETY: the caller must uphold the safety contract for ``.
-        unsafe { read(self) }
+        // SAFETY: the caller must uphold the safety contract for `read_mut`.
+        unsafe { read_mut(self) }
     }
 
     /// Performs a volatile read of the value from `self` without moving it. This
diff --git a/tests/mir-opt/lower_intrinsics.option_payload.LowerIntrinsics.diff b/tests/mir-opt/lower_intrinsics.option_payload.LowerIntrinsics.diff
@@ -24,7 +24,7 @@
           _4 = &raw const (*_1);           // scope 1 at $DIR/lower_intrinsics.rs:+2:55: +2:56
 -         _3 = option_payload_ptr::<usize>(move _4) -> [return: bb1, unwind unreachable]; // scope 1 at $DIR/lower_intrinsics.rs:+2:18: +2:57
 -                                          // mir::Constant
--                                          // + span: $DIR/lower_intrinsics.rs:137:18: 137:54
+-                                          // + span: $DIR/lower_intrinsics.rs:142:18: 142:54
 -                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*const Option<usize>) -> *const usize {option_payload_ptr::<usize>}, val: Value(<ZST>) }
 +         _3 = &raw const (((*_4) as Some).0: usize); // scope 1 at $DIR/lower_intrinsics.rs:+2:18: +2:57
 +         goto -> bb1;                     // scope 1 at $DIR/lower_intrinsics.rs:+2:18: +2:57
@@ -37,7 +37,7 @@
           _6 = &raw const (*_2);           // scope 2 at $DIR/lower_intrinsics.rs:+3:55: +3:56
 -         _5 = option_payload_ptr::<String>(move _6) -> [return: bb2, unwind unreachable]; // scope 2 at $DIR/lower_intrinsics.rs:+3:18: +3:57
 -                                          // mir::Constant
--                                          // + span: $DIR/lower_intrinsics.rs:138:18: 138:54
+-                                          // + span: $DIR/lower_intrinsics.rs:143:18: 143:54
 -                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*const Option<String>) -> *const String {option_payload_ptr::<String>}, val: Value(<ZST>) }
 +         _5 = &raw const (((*_6) as Some).0: std::string::String); // scope 2 at $DIR/lower_intrinsics.rs:+3:18: +3:57
 +         goto -> bb2;                     // scope 2 at $DIR/lower_intrinsics.rs:+3:18: +3:57
diff --git a/tests/mir-opt/lower_intrinsics.ptr_offset.LowerIntrinsics.diff b/tests/mir-opt/lower_intrinsics.ptr_offset.LowerIntrinsics.diff
@@ -15,7 +15,7 @@
           _4 = _2;                         // scope 0 at $DIR/lower_intrinsics.rs:+1:33: +1:34
 -         _0 = offset::<*const i32, isize>(move _3, move _4) -> [return: bb1, unwind unreachable]; // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:35
 -                                          // mir::Constant
--                                          // + span: $DIR/lower_intrinsics.rs:144:5: 144:29
+-                                          // + span: $DIR/lower_intrinsics.rs:149:5: 149:29
 -                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*const i32, isize) -> *const i32 {offset::<*const i32, isize>}, val: Value(<ZST>) }
 +         _0 = Offset(move _3, move _4);   // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:35
 +         goto -> bb1;                     // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:35
diff --git a/tests/mir-opt/lower_intrinsics.ptr_offset_mut.LowerIntrinsics.diff b/tests/mir-opt/lower_intrinsics.ptr_offset_mut.LowerIntrinsics.diff
@@ -0,0 +1,30 @@
+- // MIR for `ptr_offset_mut` before LowerIntrinsics
++ // MIR for `ptr_offset_mut` after LowerIntrinsics
+  
+  fn ptr_offset_mut(_1: *mut i32, _2: usize) -> *mut i32 {
+      debug p => _1;                       // in scope 0 at $DIR/lower_intrinsics.rs:+0:30: +0:31
+      debug d => _2;                       // in scope 0 at $DIR/lower_intrinsics.rs:+0:43: +0:44
+      let mut _0: *mut i32;                // return place in scope 0 at $DIR/lower_intrinsics.rs:+0:56: +0:64
+      let mut _3: *mut i32;                // in scope 0 at $DIR/lower_intrinsics.rs:+1:30: +1:31
+      let mut _4: usize;                   // in scope 0 at $DIR/lower_intrinsics.rs:+1:33: +1:34
+  
+      bb0: {
+          StorageLive(_3);                 // scope 0 at $DIR/lower_intrinsics.rs:+1:30: +1:31
+          _3 = _1;                         // scope 0 at $DIR/lower_intrinsics.rs:+1:30: +1:31
+          StorageLive(_4);                 // scope 0 at $DIR/lower_intrinsics.rs:+1:33: +1:34
+          _4 = _2;                         // scope 0 at $DIR/lower_intrinsics.rs:+1:33: +1:34
+-         _0 = offset::<*mut i32, usize>(move _3, move _4) -> [return: bb1, unwind unreachable]; // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:35
+-                                          // mir::Constant
+-                                          // + span: $DIR/lower_intrinsics.rs:154:5: 154:29
+-                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*mut i32, usize) -> *mut i32 {offset::<*mut i32, usize>}, val: Value(<ZST>) }
++         _0 = Offset(move _3, move _4);   // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:35
++         goto -> bb1;                     // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:35
+      }
+  
+      bb1: {
+          StorageDead(_4);                 // scope 0 at $DIR/lower_intrinsics.rs:+1:34: +1:35
+          StorageDead(_3);                 // scope 0 at $DIR/lower_intrinsics.rs:+1:34: +1:35
+          return;                          // scope 0 at $DIR/lower_intrinsics.rs:+2:2: +2:2
+      }
+  }
+  
diff --git a/tests/mir-opt/lower_intrinsics.read_via_copy_mut.LowerIntrinsics.diff b/tests/mir-opt/lower_intrinsics.read_via_copy_mut.LowerIntrinsics.diff
@@ -0,0 +1,25 @@
+- // MIR for `read_via_copy_mut` before LowerIntrinsics
++ // MIR for `read_via_copy_mut` after LowerIntrinsics
+  
+  fn read_via_copy_mut(_1: *mut i64) -> i64 {
+      debug r => _1;                       // in scope 0 at $DIR/lower_intrinsics.rs:+0:33: +0:34
+      let mut _0: i64;                     // return place in scope 0 at $DIR/lower_intrinsics.rs:+0:49: +0:52
+      let mut _2: *mut i64;                // in scope 0 at $DIR/lower_intrinsics.rs:+1:37: +1:38
+  
+      bb0: {
+          StorageLive(_2);                 // scope 0 at $DIR/lower_intrinsics.rs:+1:37: +1:38
+          _2 = _1;                         // scope 0 at $DIR/lower_intrinsics.rs:+1:37: +1:38
+-         _0 = read_via_copy::<*mut i64, i64>(move _2) -> [return: bb1, unwind unreachable]; // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:39
+-                                          // mir::Constant
+-                                          // + span: $DIR/lower_intrinsics.rs:129:5: 129:36
+-                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*mut i64) -> i64 {read_via_copy::<*mut i64, i64>}, val: Value(<ZST>) }
++         _0 = (*_2);                      // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:39
++         goto -> bb1;                     // scope 0 at $DIR/lower_intrinsics.rs:+1:5: +1:39
+      }
+  
+      bb1: {
+          StorageDead(_2);                 // scope 0 at $DIR/lower_intrinsics.rs:+1:38: +1:39
+          return;                          // scope 0 at $DIR/lower_intrinsics.rs:+2:2: +2:2
+      }
+  }
+  
diff --git a/tests/mir-opt/lower_intrinsics.read_via_copy_primitive.LowerIntrinsics.diff b/tests/mir-opt/lower_intrinsics.read_via_copy_primitive.LowerIntrinsics.diff
@@ -4,17 +4,17 @@
   fn read_via_copy_primitive(_1: &i32) -> i32 {
       debug r => _1;                       // in scope 0 at $DIR/lower_intrinsics.rs:+0:32: +0:33
       let mut _0: i32;                     // return place in scope 0 at $DIR/lower_intrinsics.rs:+0:44: +0:47
-      let mut _2: *const i32;              // in scope 0 at $DIR/lower_intrinsics.rs:+1:46: +1:47
+      let mut _2: &i32;                    // in scope 0 at $DIR/lower_intrinsics.rs:+1:46: +1:47
       scope 1 {
       }
   
       bb0: {
           StorageLive(_2);                 // scope 1 at $DIR/lower_intrinsics.rs:+1:46: +1:47
-          _2 = &raw const (*_1);           // scope 1 at $DIR/lower_intrinsics.rs:+1:46: +1:47
--         _0 = read_via_copy::<i32>(move _2) -> [return: bb1, unwind unreachable]; // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:48
+          _2 = _1;                         // scope 1 at $DIR/lower_intrinsics.rs:+1:46: +1:47
+-         _0 = read_via_copy::<&i32, i32>(move _2) -> [return: bb1, unwind unreachable]; // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:48
 -                                          // mir::Constant
 -                                          // + span: $DIR/lower_intrinsics.rs:119:14: 119:45
--                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*const i32) -> i32 {read_via_copy::<i32>}, val: Value(<ZST>) }
+-                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(&i32) -> i32 {read_via_copy::<&i32, i32>}, val: Value(<ZST>) }
 +         _0 = (*_2);                      // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:48
 +         goto -> bb1;                     // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:48
       }
diff --git a/tests/mir-opt/lower_intrinsics.read_via_copy_uninhabited.LowerIntrinsics.diff b/tests/mir-opt/lower_intrinsics.read_via_copy_uninhabited.LowerIntrinsics.diff
@@ -4,17 +4,17 @@
   fn read_via_copy_uninhabited(_1: &Never) -> Never {
       debug r => _1;                       // in scope 0 at $DIR/lower_intrinsics.rs:+0:34: +0:35
       let mut _0: Never;                   // return place in scope 0 at $DIR/lower_intrinsics.rs:+0:48: +0:53
-      let mut _2: *const Never;            // in scope 0 at $DIR/lower_intrinsics.rs:+1:46: +1:47
+      let mut _2: &Never;                  // in scope 0 at $DIR/lower_intrinsics.rs:+1:46: +1:47
       scope 1 {
       }
   
       bb0: {
           StorageLive(_2);                 // scope 1 at $DIR/lower_intrinsics.rs:+1:46: +1:47
-          _2 = &raw const (*_1);           // scope 1 at $DIR/lower_intrinsics.rs:+1:46: +1:47
--         _0 = read_via_copy::<Never>(move _2) -> unwind unreachable; // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:48
+          _2 = _1;                         // scope 1 at $DIR/lower_intrinsics.rs:+1:46: +1:47
+-         _0 = read_via_copy::<&Never, Never>(move _2) -> unwind unreachable; // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:48
 -                                          // mir::Constant
 -                                          // + span: $DIR/lower_intrinsics.rs:124:14: 124:45
--                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*const Never) -> Never {read_via_copy::<Never>}, val: Value(<ZST>) }
+-                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(&Never) -> Never {read_via_copy::<&Never, Never>}, val: Value(<ZST>) }
 +         unreachable;                     // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:48
       }
   }
diff --git a/tests/mir-opt/lower_intrinsics.rs b/tests/mir-opt/lower_intrinsics.rs
@@ -124,6 +124,11 @@ pub fn read_via_copy_uninhabited(r: &Never) -> Never {
     unsafe { core::intrinsics::read_via_copy(r) }
 }
 
+// EMIT_MIR lower_intrinsics.read_via_copy_mut.LowerIntrinsics.diff
+pub unsafe fn read_via_copy_mut(r: *mut i64) -> i64 {
+    core::intrinsics::read_via_copy(r)
+}
+
 // EMIT_MIR lower_intrinsics.write_via_move_string.LowerIntrinsics.diff
 pub fn write_via_move_string(r: &mut String, v: String) {
     unsafe { core::intrinsics::write_via_move(r, v) }
@@ -143,3 +148,8 @@ pub fn option_payload(o: &Option<usize>, p: &Option<String>) {
 pub unsafe fn ptr_offset(p: *const i32, d: isize) -> *const i32 {
     core::intrinsics::offset(p, d)
 }
+
+// EMIT_MIR lower_intrinsics.ptr_offset_mut.LowerIntrinsics.diff
+pub unsafe fn ptr_offset_mut(p: *mut i32, d: usize) -> *mut i32 {
+    core::intrinsics::offset(p, d)
+}
diff --git a/tests/mir-opt/lower_intrinsics.write_via_move_string.LowerIntrinsics.diff b/tests/mir-opt/lower_intrinsics.write_via_move_string.LowerIntrinsics.diff
@@ -17,7 +17,7 @@
           _4 = move _2;                    // scope 1 at $DIR/lower_intrinsics.rs:+1:50: +1:51
 -         _0 = write_via_move::<String>(move _3, move _4) -> [return: bb1, unwind unreachable]; // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:52
 -                                          // mir::Constant
--                                          // + span: $DIR/lower_intrinsics.rs:129:14: 129:46
+-                                          // + span: $DIR/lower_intrinsics.rs:134:14: 134:46
 -                                          // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(*mut String, String) {write_via_move::<String>}, val: Value(<ZST>) }
 +         (*_3) = move _4;                 // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:52
 +         goto -> bb1;                     // scope 1 at $DIR/lower_intrinsics.rs:+1:14: +1:52
diff --git a/tests/mir-opt/pre-codegen/mem_replace.mem_replace.PreCodegen.after.mir b/tests/mir-opt/pre-codegen/mem_replace.mem_replace.PreCodegen.after.mir
diff --git a/tests/ui/const-ptr/out_of_bounds_read.stderr b/tests/ui/const-ptr/out_of_bounds_read.stderr
diff --git a/tests/ui/consts/missing_span_in_backtrace.stderr b/tests/ui/consts/missing_span_in_backtrace.stderr

Original file line number	Diff line number	Diff line change
`@@ -1312,8 +1312,8 @@ impl<T: ?Sized> *mut T {`
`1312`	`1312`	`where`
`1313`	`1313`	`T: Sized,`
`1314`	`1314`	`{`
`1315`		- // SAFETY: the caller must uphold the safety contract for ``.
`1316`		`- unsafe { read(self) }`
	`1315`	+ // SAFETY: the caller must uphold the safety contract for `read_mut`.
	`1316`	`+ unsafe { read_mut(self) }`
`1317`	`1317`	`}`
`1318`	`1318`
`1319`	`1319`	/// Performs a volatile read of the value from `self` without moving it. This