Rollup merge of #131384 - saethlin:precondition-tests, r=ibraheemdev

Update precondition tests (especially for zero-size access to null)

I don't much like the current way I've updated the precondition check helpers, but I couldn't come up with anything better. Ideas welcome.

I've organized `tests/ui/precondition-checks` mostly with one file per function that has `assert_unsafe_precondition` in it, with revisions that check each precondition. The important new test is `tests/ui/precondition-checks/zero-size-null.rs`.
Matthias Krüger 2024-10-14 17:06:36 +02:00 committed by GitHub
commit 32062b4b8e
GPG Key ID: B5690EEEBB952194
39 changed files with 500 additions and 55 deletions


@ -506,7 +506,7 @@ pub const fn digit(d: u8) -> Option<Self> {
pub const unsafe fn digit_unchecked(d: u8) -> Self { pub const unsafe fn digit_unchecked(d: u8) -> Self {
assert_unsafe_precondition!( assert_unsafe_precondition!(
check_language_ub, check_language_ub,
"`AsciiChar::digit_unchecked` input cannot exceed 9.", "`ascii::Char::digit_unchecked` input cannot exceed 9.",
(d: u8 = d) => d < 10 (d: u8 = d) => d < 10
); );


@ -64,6 +64,7 @@
#![allow(missing_docs)] #![allow(missing_docs)]
use crate::marker::{DiscriminantKind, Tuple}; use crate::marker::{DiscriminantKind, Tuple};
use crate::mem::SizedTypeProperties;
use crate::{ptr, ub_checks}; use crate::{ptr, ub_checks};
pub mod mir; pub mod mir;
@ -3364,10 +3365,12 @@ pub const fn ptr_metadata<P: ptr::Pointee<Metadata = M> + ?Sized, M>(_ptr: *cons
size: usize = size_of::<T>(), size: usize = size_of::<T>(),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
count: usize = count, count: usize = count,
) => ) => {
ub_checks::is_aligned_and_not_null(src, align) let zero_size = count == 0 || size == 0;
&& ub_checks::is_aligned_and_not_null(dst, align) ub_checks::is_aligned_and_not_null(src, align, zero_size)
&& ub_checks::is_nonoverlapping(src, dst, size, count) && ub_checks::is_aligned_and_not_null(dst, align, zero_size)
&& ub_checks::is_nonoverlapping(src, dst, size, count)
}
); );
// SAFETY: the safety contract for `copy_nonoverlapping` must be // SAFETY: the safety contract for `copy_nonoverlapping` must be
@ -3465,9 +3468,10 @@ pub const fn ptr_metadata<P: ptr::Pointee<Metadata = M> + ?Sized, M>(_ptr: *cons
src: *const () = src as *const (), src: *const () = src as *const (),
dst: *mut () = dst as *mut (), dst: *mut () = dst as *mut (),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
zero_size: bool = T::IS_ZST || count == 0,
) => ) =>
ub_checks::is_aligned_and_not_null(src, align) ub_checks::is_aligned_and_not_null(src, align, zero_size)
&& ub_checks::is_aligned_and_not_null(dst, align) && ub_checks::is_aligned_and_not_null(dst, align, zero_size)
); );
copy(src, dst, count) copy(src, dst, count)
} }
@ -3544,7 +3548,8 @@ pub const fn ptr_metadata<P: ptr::Pointee<Metadata = M> + ?Sized, M>(_ptr: *cons
( (
addr: *const () = dst as *const (), addr: *const () = dst as *const (),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
) => ub_checks::is_aligned_and_not_null(addr, align) zero_size: bool = T::IS_ZST || count == 0,
) => ub_checks::is_aligned_and_not_null(addr, align, zero_size)
); );
write_bytes(dst, val, count) write_bytes(dst, val, count)
} }
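Review bot: The zero-size condition is spelled two ways in this file section. The first hunk computes `let zero_size = count == 0 || size == 0;` inside the check body from the runtime `size`, while the two later hunks bind `zero_size: bool = T::IS_ZST || count == 0,` as a check argument. The two should be equivalent, but a single spelling makes it easier to audit that null is tolerated only when no bytes are accessed; binding `zero_size: bool = T::IS_ZST || count == 0,` in the first hunk as well would do it. The same in-body form appears in the `size == 0 || count == 0` hunk of the pointer-module section further down. The enclosing functions start and end outside these hunks.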


@ -448,7 +448,7 @@
use crate::cmp::Ordering; use crate::cmp::Ordering;
use crate::marker::FnPtr; use crate::marker::FnPtr;
use crate::mem::{self, MaybeUninit}; use crate::mem::{self, MaybeUninit, SizedTypeProperties};
use crate::{fmt, hash, intrinsics, ub_checks}; use crate::{fmt, hash, intrinsics, ub_checks};
mod alignment; mod alignment;
@ -1165,10 +1165,12 @@ macro_rules! attempt_swap_as_chunks {
size: usize = size_of::<T>(), size: usize = size_of::<T>(),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
count: usize = count, count: usize = count,
) => ) => {
ub_checks::is_aligned_and_not_null(x, align) let zero_size = size == 0 || count == 0;
&& ub_checks::is_aligned_and_not_null(y, align) ub_checks::is_aligned_and_not_null(x, align, zero_size)
&& ub_checks::is_nonoverlapping(x, y, size, count) && ub_checks::is_aligned_and_not_null(y, align, zero_size)
&& ub_checks::is_nonoverlapping(x, y, size, count)
}
); );
// Split up the slice into small power-of-two-sized chunks that LLVM is able // Split up the slice into small power-of-two-sized chunks that LLVM is able
@ -1278,7 +1280,8 @@ macro_rules! attempt_swap_as_chunks {
( (
addr: *const () = dst as *const (), addr: *const () = dst as *const (),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
) => ub_checks::is_aligned_and_not_null(addr, align) is_zst: bool = T::IS_ZST,
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
); );
mem::replace(&mut *dst, src) mem::replace(&mut *dst, src)
} }
@ -1430,7 +1433,8 @@ macro_rules! attempt_swap_as_chunks {
( (
addr: *const () = src as *const (), addr: *const () = src as *const (),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
) => ub_checks::is_aligned_and_not_null(addr, align) is_zst: bool = T::IS_ZST,
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
); );
crate::intrinsics::read_via_copy(src) crate::intrinsics::read_via_copy(src)
} }
@ -1635,7 +1639,8 @@ macro_rules! attempt_swap_as_chunks {
( (
addr: *mut () = dst as *mut (), addr: *mut () = dst as *mut (),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
) => ub_checks::is_aligned_and_not_null(addr, align) is_zst: bool = T::IS_ZST,
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
); );
intrinsics::write_via_move(dst, src) intrinsics::write_via_move(dst, src)
} }
@ -1808,7 +1813,8 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
( (
addr: *const () = src as *const (), addr: *const () = src as *const (),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
) => ub_checks::is_aligned_and_not_null(addr, align) is_zst: bool = T::IS_ZST,
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
); );
intrinsics::volatile_load(src) intrinsics::volatile_load(src)
} }
@ -1887,7 +1893,8 @@ pub unsafe fn write_volatile<T>(dst: *mut T, src: T) {
( (
addr: *mut () = dst as *mut (), addr: *mut () = dst as *mut (),
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
) => ub_checks::is_aligned_and_not_null(addr, align) is_zst: bool = T::IS_ZST,
) => ub_checks::is_aligned_and_not_null(addr, align, is_zst)
); );
intrinsics::volatile_store(dst, src); intrinsics::volatile_store(dst, src);
} }


@ -132,7 +132,7 @@
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
len: usize = len, len: usize = len,
) => ) =>
ub_checks::is_aligned_and_not_null(data, align) ub_checks::is_aligned_and_not_null(data, align, false)
&& ub_checks::is_valid_allocation_size(size, len) && ub_checks::is_valid_allocation_size(size, len)
); );
&*ptr::slice_from_raw_parts(data, len) &*ptr::slice_from_raw_parts(data, len)
@ -187,7 +187,7 @@
align: usize = align_of::<T>(), align: usize = align_of::<T>(),
len: usize = len, len: usize = len,
) => ) =>
ub_checks::is_aligned_and_not_null(data, align) ub_checks::is_aligned_and_not_null(data, align, false)
&& ub_checks::is_valid_allocation_size(size, len) && ub_checks::is_valid_allocation_size(size, len)
); );
&mut *ptr::slice_from_raw_parts_mut(data, len) &mut *ptr::slice_from_raw_parts_mut(data, len)
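Review bot: The bare `false` passed as the third argument in both hunks gives no hint of why the slice constructors opt out of the zero-size relaxation, even though `len == 0` is a zero-size case everywhere else in this commit. A one-line comment at each call would keep a later reader from "fixing" it, for example `// never relaxed: the resulting reference must be non-null even when len == 0 or T is a ZST`. The new `from_raw_parts` tests with a null pointer and `len` 0 rely on this behaviour. The enclosing functions start and end outside the hunks.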


@ -109,15 +109,15 @@ const fn comptime() -> bool {
intrinsics::ub_checks() && const_eval_select((), comptime, runtime) intrinsics::ub_checks() && const_eval_select((), comptime, runtime)
} }
/// Checks whether `ptr` is properly aligned with respect to /// Checks whether `ptr` is properly aligned with respect to the given alignment, and
/// `align_of::<T>()`. /// if `is_zst == false`, that `ptr` is not null.
/// ///
/// In `const` this is approximate and can fail spuriously. It is primarily intended /// In `const` this is approximate and can fail spuriously. It is primarily intended
/// for `assert_unsafe_precondition!` with `check_language_ub`, in which case the /// for `assert_unsafe_precondition!` with `check_language_ub`, in which case the
/// check is anyway not executed in `const`. /// check is anyway not executed in `const`.
#[inline] #[inline]
pub(crate) const fn is_aligned_and_not_null(ptr: *const (), align: usize) -> bool { pub(crate) const fn is_aligned_and_not_null(ptr: *const (), align: usize, is_zst: bool) -> bool {
!ptr.is_null() && ptr.is_aligned_to(align) ptr.is_aligned_to(align) && (is_zst || !ptr.is_null())
} }
#[inline] #[inline]
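Review bot: The new parameter is named `is_zst`, but several callers in this commit pass `T::IS_ZST || count == 0`, so the flag really means "this access covers zero bytes" rather than "T is a zero-sized type". Because this flag is what turns off the null check, the name and doc comment should say exactly when it may be true: rename it to `zero_size` and word the doc as `/// if `zero_size` is false (the access covers at least one byte), that `ptr` is not null.`. It is also worth stating in the doc that alignment is checked regardless of the flag, as the new body `ptr.is_aligned_to(align) && (is_zst || !ptr.is_null())` shows.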


@ -0,0 +1,11 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: Alignment::new_unchecked requires
#![feature(ptr_alignment_type)]
fn main() {
unsafe {
std::ptr::Alignment::new_unchecked(0);
}
}


@ -0,0 +1,11 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: `ascii::Char::digit_unchecked` input cannot exceed 9
#![feature(ascii_char)]
fn main() {
unsafe {
std::ascii::Char::digit_unchecked(b'a');
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: hint::assert_unchecked must never be called when the condition is false
fn main() {
unsafe {
std::hint::assert_unchecked(false);
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: invalid value for `char`
fn main() {
unsafe {
char::from_u32_unchecked(0xD801);
}
}


@ -0,0 +1,25 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::copy_nonoverlapping requires
//@ revisions: null_src null_dst misaligned_src misaligned_dst overlapping
use std::ptr;
fn main() {
let src = [0u16; 3];
let mut dst = [0u16; 3];
let src = src.as_ptr();
let dst = dst.as_mut_ptr();
unsafe {
#[cfg(null_src)]
ptr::copy_nonoverlapping(ptr::null(), dst, 1);
#[cfg(null_dst)]
ptr::copy_nonoverlapping(src, ptr::null_mut(), 1);
#[cfg(misaligned_src)]
ptr::copy_nonoverlapping(src.byte_add(1), dst, 1);
#[cfg(misaligned_dst)]
ptr::copy_nonoverlapping(src, dst.byte_add(1), 1);
#[cfg(overlapping)]
ptr::copy_nonoverlapping(dst, dst.add(1), 2);
}
}


@ -0,0 +1,23 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::copy requires
//@ revisions: null_src null_dst misaligned_src misaligned_dst
use std::ptr;
fn main() {
let src = [0u16; 3];
let mut dst = [0u16; 3];
let src = src.as_ptr();
let dst = dst.as_mut_ptr();
unsafe {
#[cfg(null_src)]
ptr::copy(ptr::null(), dst, 1);
#[cfg(null_dst)]
ptr::copy(src, ptr::null_mut(), 1);
#[cfg(misaligned_src)]
ptr::copy(src.byte_add(1), dst, 1);
#[cfg(misaligned_dst)]
ptr::copy(src, dst.byte_add(1), 1);
}
}


@ -0,0 +1,15 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: Layout::from_size_align_unchecked requires
//@ revisions: toolarge badalign
//@[toolarge] compile-flags: --cfg toolarge
//@[badalign] compile-flags: --cfg badalign
fn main() {
unsafe {
#[cfg(toolarge)]
std::alloc::Layout::from_size_align_unchecked(isize::MAX as usize, 2);
#[cfg(badalign)]
std::alloc::Layout::from_size_align_unchecked(1, 3);
}
}
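Review bot: The two per-revision directives `//@[toolarge] compile-flags: --cfg toolarge` and `//@[badalign] compile-flags: --cfg badalign` look redundant. Every other revisioned test added in this commit uses `#[cfg(<revision>)]` with only a `//@ revisions:` line, relying on the revision name being set as a cfg. Dropping the two lines would keep this file consistent with its siblings.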


@ -1,10 +0,0 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: slice::from_raw_parts
//@ ignore-debug
fn main() {
unsafe {
let _s: &[u64] = std::slice::from_raw_parts(1usize as *const u64, 0);
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: NonNull::new_unchecked requires
fn main() {
unsafe {
std::ptr::NonNull::new_unchecked(std::ptr::null_mut::<u8>());
}
}


@ -0,0 +1,12 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: NonZero::from_mut_unchecked requires
#![feature(nonzero_from_mut)]
fn main() {
unsafe {
let mut num = 0u8;
std::num::NonZeroU8::from_mut_unchecked(&mut num);
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: NonZero::new_unchecked requires
fn main() {
unsafe {
std::num::NonZeroU8::new_unchecked(0);
}
}


@ -1,10 +0,0 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: slice::from_raw_parts
//@ ignore-debug
fn main() {
unsafe {
let _s: &[u8] = std::slice::from_raw_parts(std::ptr::null(), 0);
}
}


@ -1,11 +0,0 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: slice::get_unchecked requires
//@ ignore-debug
fn main() {
unsafe {
let sli: &[u8] = &[0];
sli.get_unchecked(1);
}
}


@ -0,0 +1,18 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::read requires
//@ revisions: null misaligned
//@ ignore-test
use std::ptr;
fn main() {
let src = [0u16; 2];
let src = src.as_ptr();
unsafe {
#[cfg(null)]
ptr::read(ptr::null::<u8>());
#[cfg(misaligned)]
ptr::read(src.byte_add(1));
}
}
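Review bot: `//@ ignore-test` disables this test with no explanation, so the `ptr::read` null and misaligned preconditions are not actually exercised, and nothing says when the test can be re-enabled. The same unexplained directive appears in the later `ptr::write` and `ptr::write_bytes` test files in this commit. A comment next to the directive, such as `// FIXME: disabled because <reason>; re-enable once <condition>`, would record the gap instead of hiding it.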


@ -0,0 +1,17 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::read_volatile requires
//@ revisions: null misaligned
use std::ptr;
fn main() {
let src = [0u16; 2];
let src = src.as_ptr();
unsafe {
#[cfg(null)]
ptr::read_volatile(ptr::null::<u8>());
#[cfg(misaligned)]
ptr::read_volatile(src.byte_add(1));
}
}


@ -0,0 +1,17 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::replace requires
//@ revisions: null misaligned
use std::ptr;
fn main() {
let mut dst = [0u16; 2];
let dst = dst.as_mut_ptr();
unsafe {
#[cfg(null)]
ptr::replace(ptr::null_mut::<u8>(), 1);
#[cfg(misaligned)]
ptr::replace(dst.byte_add(1), 1u16);
}
}


@ -0,0 +1,16 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: slice::from_raw_parts_mut requires
//@ revisions: null misaligned toolarge
fn main() {
unsafe {
#[cfg(null)]
let _s: &mut [u8] = std::slice::from_raw_parts_mut(std::ptr::null_mut(), 0);
#[cfg(misaligned)]
let _s: &mut [u16] = std::slice::from_raw_parts_mut(1usize as *mut u16, 0);
#[cfg(toolarge)]
let _s: &mut [u16] =
std::slice::from_raw_parts_mut(2usize as *mut u16, isize::MAX as usize);
}
}


@ -0,0 +1,15 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: slice::from_raw_parts requires
//@ revisions: null misaligned toolarge
fn main() {
unsafe {
#[cfg(null)]
let _s: &[u8] = std::slice::from_raw_parts(std::ptr::null(), 0);
#[cfg(misaligned)]
let _s: &[u16] = std::slice::from_raw_parts(1usize as *const u16, 0);
#[cfg(toolarge)]
let _s: &[u16] = std::slice::from_raw_parts(2usize as *const u16, isize::MAX as usize);
}
}


@ -0,0 +1,20 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: slice::get_unchecked requires
//@ revisions: usize range range_to range_from backwards_range
fn main() {
unsafe {
let s = &[0];
#[cfg(usize)]
s.get_unchecked(1);
#[cfg(range)]
s.get_unchecked(1..2);
#[cfg(range_to)]
s.get_unchecked(..2);
#[cfg(range_from)]
s.get_unchecked(2..);
#[cfg(backwards_range)]
s.get_unchecked(1..0);
}
}


@ -0,0 +1,20 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: slice::get_unchecked_mut requires
//@ revisions: usize range range_to range_from backwards_range
fn main() {
unsafe {
let mut s = &mut [0];
#[cfg(usize)]
s.get_unchecked_mut(1);
#[cfg(range)]
s.get_unchecked_mut(1..2);
#[cfg(range_to)]
s.get_unchecked_mut(..2);
#[cfg(range_from)]
s.get_unchecked_mut(2..);
#[cfg(backwards_range)]
s.get_unchecked_mut(1..0);
}
}


@ -0,0 +1,14 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: index out of bounds: the len is 2 but the index is 2
//@ revisions: oob_a oob_b
fn main() {
let mut pair = [0u8; 2];
unsafe {
#[cfg(oob_a)]
pair.swap(0, 2);
#[cfg(oob_b)]
pair.swap(2, 0);
}
}
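Review bot: Both revisions call the safe `pair.swap(..)`, and the error-pattern `index out of bounds: the len is 2 but the index is 2` is the ordinary bounds-check panic, so this file does not test an `assert_unsafe_precondition` at all. The `unsafe` block around the calls is unused as written. If the intent was the unchecked variant, the calls would presumably be `pair.swap_unchecked(0, 2);` and `pair.swap_unchecked(2, 0);`, with the matching feature gate and an error-pattern beginning `unsafe precondition(s) violated:`. If the safe panic is really what is meant, the test belongs outside the precondition-checks directory.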


@ -0,0 +1,18 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: str::get_unchecked requires
//@ revisions: range range_to range_from backwards_range
fn main() {
unsafe {
let s = "💅";
#[cfg(range)]
s.get_unchecked(4..5);
#[cfg(range_to)]
s.get_unchecked(..5);
#[cfg(range_from)]
s.get_unchecked(5..);
#[cfg(backwards_range)]
s.get_unchecked(1..0);
}
}


@ -0,0 +1,19 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: str::get_unchecked_mut requires
//@ revisions: range range_to range_from backwards_range
fn main() {
unsafe {
let mut s: String = "💅".chars().collect();
let mut s: &mut str = &mut s;
#[cfg(range)]
s.get_unchecked_mut(4..5);
#[cfg(range_to)]
s.get_unchecked_mut(..5);
#[cfg(range_from)]
s.get_unchecked_mut(5..);
#[cfg(backwards_range)]
s.get_unchecked_mut(1..0);
}
}


@ -0,0 +1,25 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::swap_nonoverlapping requires
//@ revisions: null_src null_dst misaligned_src misaligned_dst overlapping
use std::ptr;
fn main() {
let mut src = [0u16; 3];
let mut dst = [0u16; 3];
let src = src.as_mut_ptr();
let dst = dst.as_mut_ptr();
unsafe {
#[cfg(null_src)]
ptr::swap_nonoverlapping(ptr::null_mut(), dst, 1);
#[cfg(null_dst)]
ptr::swap_nonoverlapping(src, ptr::null_mut(), 1);
#[cfg(misaligned_src)]
ptr::swap_nonoverlapping(src.byte_add(1), dst, 1);
#[cfg(misaligned_dst)]
ptr::swap_nonoverlapping(src, dst.byte_add(1), 1);
#[cfg(overlapping)]
ptr::swap_nonoverlapping(dst, dst.add(1), 2);
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: u8::unchecked_add cannot overflow
fn main() {
unsafe {
1u8.unchecked_add(u8::MAX);
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: u8::unchecked_add cannot overflow
fn main() {
unsafe {
2u8.unchecked_add(u8::MAX);
}
}
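Review bot: This file is a near-duplicate of the previous one. It has the same error-pattern `u8::unchecked_add cannot overflow` and again calls `unchecked_add`, differing only in the receiver (`2u8` instead of `1u8`). The file name is not visible here, but the `2u8` operand suggests it was meant to cover a different operation, possibly `unchecked_mul`, in which case the call and the error-pattern both need to name that function. As written, one unchecked arithmetic precondition is tested twice and another appears to be untested.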


@ -0,0 +1,11 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: u8::unchecked_shl cannot overflow
#![feature(unchecked_shifts)]
fn main() {
unsafe {
0u8.unchecked_shl(u8::BITS);
}
}


@ -0,0 +1,11 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: u8::unchecked_shr cannot overflow
#![feature(unchecked_shifts)]
fn main() {
unsafe {
0u8.unchecked_shr(u8::BITS);
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: u8::unchecked_sub cannot overflow
fn main() {
unsafe {
0u8.unchecked_sub(1u8);
}
}


@ -0,0 +1,9 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: hint::unreachable_unchecked must never be reached
fn main() {
unsafe {
std::hint::unreachable_unchecked();
}
}


@ -0,0 +1,18 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::write requires
//@ revisions: null misaligned
//@ ignore-test
use std::ptr;
fn main() {
let mut dst = [0u16; 2];
let mut dst = dst.as_mut_ptr();
unsafe {
#[cfg(null)]
ptr::write(ptr::null_mut::<u8>(), 1u8);
#[cfg(misaligned)]
ptr::write(dst.byte_add(1), 1u16);
}
}


@ -0,0 +1,18 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::write requires
//@ revisions: null misaligned
//@ ignore-test
use std::ptr;
fn main() {
let mut dst = [0u16; 2];
let mut dst = dst.as_mut_ptr();
unsafe {
#[cfg(null)]
ptr::write_bytes(ptr::null_mut::<u8>(), 1u8, 2);
#[cfg(misaligned)]
ptr::write_bytes(dst.byte_add(1), 1u8, 2);
}
}
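Review bot: The error-pattern still reads `ptr::write requires`, apparently copied from the `ptr::write` test, while both revisions call `ptr::write_bytes`. Since the other patterns in this commit name the function under test, this one should presumably be `//@ error-pattern: unsafe precondition(s) violated: ptr::write_bytes requires`. The mismatch is currently masked by `//@ ignore-test`, so it would only surface when the test is re-enabled.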


@ -0,0 +1,17 @@
//@ run-fail
//@ compile-flags: -Copt-level=3 -Cdebug-assertions=no -Zub-checks=yes
//@ error-pattern: unsafe precondition(s) violated: ptr::write_volatile requires
//@ revisions: null misaligned
use std::ptr;
fn main() {
let mut dst = [0u16; 2];
let mut dst = dst.as_mut_ptr();
unsafe {
#[cfg(null)]
ptr::write_volatile(ptr::null_mut::<u8>(), 1u8);
#[cfg(misaligned)]
ptr::write_volatile(dst.byte_add(1), 1u16);
}
}


@ -0,0 +1,21 @@
// Test that none of the precondition checks panic on zero-sized reads or writes through null.
//@ run-pass
//@ compile-flags: -Zmir-opt-level=0 -Copt-level=0 -Cdebug-assertions=yes
use std::ptr;
fn main() {
unsafe {
ptr::copy_nonoverlapping::<u8>(ptr::null(), ptr::null_mut(), 0);
ptr::copy_nonoverlapping::<()>(ptr::null(), ptr::null_mut(), 123);
ptr::copy::<u8>(ptr::null(), ptr::null_mut(), 0);
ptr::copy::<()>(ptr::null(), ptr::null_mut(), 123);
ptr::swap::<()>(ptr::null_mut(), ptr::null_mut());
ptr::replace::<()>(ptr::null_mut(), ());
ptr::read::<()>(ptr::null());
ptr::write::<()>(ptr::null_mut(), ());
ptr::read_volatile::<()>(ptr::null());
ptr::write_volatile::<()>(ptr::null_mut(), ());
}
}
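Review bot: This run-pass test does not cover every helper whose null check this commit relaxes. The `write_bytes` hunk (`zero_size: bool = T::IS_ZST || count == 0`) and the `size == 0 || count == 0` hunk, which appears to belong to `swap_nonoverlapping`, have no zero-size-through-null case here. Adding `ptr::write_bytes::<u8>(ptr::null_mut(), 0u8, 0);` and `ptr::swap_nonoverlapping::<u8>(ptr::null_mut(), ptr::null_mut(), 0);` would pin the new behaviour for those two as well. Without them, a regression that brings back the unconditional null check in either function would go unnoticed.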