Skip to content

Commit

Permalink
Rollup merge of rust-lang#121242 - joboet:ptr_invalid_codegen, r=scot…
Browse files Browse the repository at this point in the history
…tmcm,Nilstrieb

Generate `getelementptr` instead of `inttoptr` for `ptr::invalid`

Currently, `ptr::invalid` [generates an `inttoptr`](https://godbolt.org/z/3cj15dEG1), which means LLVM doesn't know that the pointer shouldn't have provenance. This PR changes the implementation so that a `getelementptr` relative to the null pointer is generated, which LLVM knows not to have provenance.
  • Loading branch information
Noratrieb authored Feb 20, 2024
2 parents 736f958 + bb399b1 commit 5906e8e
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 12 deletions.
28 changes: 16 additions & 12 deletions library/core/src/ptr/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -537,7 +537,10 @@ pub unsafe fn drop_in_place<T: ?Sized>(to_drop: *mut T) {
#[rustc_allow_const_fn_unstable(ptr_metadata)]
#[rustc_diagnostic_item = "ptr_null"]
pub const fn null<T: ?Sized + Thin>() -> *const T {
from_raw_parts(invalid(0), ())
// Use transmute instead of casting so that Miri knows that the pointer is invalid.
// SAFETY: on all current platforms, usize and pointers have the same layout,
// and the validity invariant of pointers is the same as that of integers
unsafe { mem::transmute(0usize) }
}

/// Creates a null mutable raw pointer.
Expand All @@ -563,7 +566,10 @@ pub const fn null<T: ?Sized + Thin>() -> *const T {
#[rustc_allow_const_fn_unstable(ptr_metadata)]
#[rustc_diagnostic_item = "ptr_null_mut"]
pub const fn null_mut<T: ?Sized + Thin>() -> *mut T {
from_raw_parts_mut(invalid_mut(0), ())
// Use transmute instead of casting so that Miri knows that the pointer is invalid.
// SAFETY: on all current platforms, usize and pointers have the same layout,
// and the validity invariant of pointers is the same as that of integers
unsafe { mem::transmute(0usize) }
}

/// Creates an invalid pointer with the given address.
Expand All @@ -590,11 +596,10 @@ pub const fn null_mut<T: ?Sized + Thin>() -> *mut T {
#[unstable(feature = "strict_provenance", issue = "95228")]
pub const fn invalid<T>(addr: usize) -> *const T {
// FIXME(strict_provenance_magic): I am magic and should be a compiler intrinsic.
// We use transmute rather than a cast so tools like Miri can tell that this
// is *not* the same as from_exposed_addr.
// SAFETY: every valid integer is also a valid pointer (as long as you don't dereference that
// pointer).
unsafe { mem::transmute(addr) }
// We offset the null pointer instead of using a cast so that LLVM doesn't
// use inttoptr and so tools like Miri can tell that it is *not* the same
// as from_exposed_addr.
null::<T>().wrapping_byte_add(addr)
}

/// Creates an invalid mutable pointer with the given address.
Expand All @@ -621,11 +626,10 @@ pub const fn invalid<T>(addr: usize) -> *const T {
#[unstable(feature = "strict_provenance", issue = "95228")]
pub const fn invalid_mut<T>(addr: usize) -> *mut T {
// FIXME(strict_provenance_magic): I am magic and should be a compiler intrinsic.
// We use transmute rather than a cast so tools like Miri can tell that this
// is *not* the same as from_exposed_addr.
// SAFETY: every valid integer is also a valid pointer (as long as you don't dereference that
// pointer).
unsafe { mem::transmute(addr) }
// We offset the null pointer instead of using a cast so that LLVM doesn't
// use inttoptr and so tools like Miri can tell that it is *not* the same
// as from_exposed_addr.
null_mut::<T>().wrapping_byte_add(addr)
}

/// Convert an address back to a pointer, picking up a previously 'exposed' provenance.
Expand Down
15 changes: 15 additions & 0 deletions tests/codegen/strict-provenance.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
// compile-flags: -O

#![crate_type = "lib"]
#![feature(strict_provenance)]

use std::ptr;

// CHECK-LABEL: @invalid
#[no_mangle]
fn invalid(addr: usize) -> *const () {
// CHECK: start
// CHECK-NEXT: %0 = getelementptr i8, ptr null, i64 %addr
// CHECK-NEXT: ret ptr %0
ptr::invalid(addr)
}

0 comments on commit 5906e8e

Please sign in to comment.