Apply suggestions from code review

comment nits Co-authored-by: Ralf Jung <post@ralfj.de>
2021-01-03 14:20:51 +01:00 · 2021-01-03 14:20:51 +01:00 · e5330a4f52
commit e5330a4f52
parent ba3a876592
2 changed files with 9 additions and 4 deletions
--- a/compiler/rustc_mir/src/transform/check_consts/ops.rs
+++ b/compiler/rustc_mir/src/transform/check_consts/ops.rs
@ -232,7 +232,7 @@ impl NonConstOp for TransientCellBorrow {
 }

 #[derive(Debug)]
-/// A borrow of a type that contains an `UnsafeCell` somewhere. The borrow escapes to
+/// A borrow of a type that contains an `UnsafeCell` somewhere. The borrow might escape to
 /// the final value of the constant, and thus we cannot allow this (for now). We may allow
 /// it in the future for static items.
 pub struct CellBorrow;
--- a/compiler/rustc_mir/src/transform/check_consts/validation.rs
+++ b/compiler/rustc_mir/src/transform/check_consts/validation.rs
@ -584,14 +584,19 @@ impl Visitor<'tcx> for Validator<'mir, 'tcx> {
                if borrowed_place_has_mut_interior {
                    match self.const_kind() {
                        // In a const fn all borrows are transient or point to the places given via
-                        // references in the arguments. The borrow checker guarantees that.
+                        // references in the arguments (so we already checked them with
+                        // TransientCellBorrow/CellBorrow as appropriate).
+                        // The borrow checker guarantees that no new non-transient borrows are created.
                        // NOTE: Once we have heap allocations during CTFE we need to figure out
                        // how to prevent `const fn` to create long-lived allocations that point
                        // to (interior) mutable memory.
                        hir::ConstContext::ConstFn => self.check_op(ops::TransientCellBorrow),
                        _ => {
-                            // Locals without StorageDead follow the "enclosing scope" rule, meaning
-                            // they are essentially anonymous static items themselves.
+                            // Locals StorageDead are known to not leak to the final constant, and
+                            // it is thus inherently safe to permit such locals to have their
+                            // address taken as we can't end up with a reference to them in the
+                            // final value without creating a dangling pointer, which will cause
+                            // errors during validation.
                            // Note: This is only sound if every local that has a `StorageDead` has a
                            // `StorageDead` in every control flow path leading to a `return` terminator.
                            if self.local_has_storage_dead(place.local) {