A pointer cannot be equal to an integer if that would imply the null pointer is misaligned or in-bounds of the pointer's allocation.

zachs18 · zachs18 · commit 2a24220ef5d9 · 2025-08-22T16:28:53.000-05:00
diff --git a/compiler/rustc_const_eval/src/const_eval/machine.rs b/compiler/rustc_const_eval/src/const_eval/machine.rs
@@ -280,37 +280,25 @@ impl<'tcx> CompileTimeInterpCx<'tcx> {
         interp_ok(match (a, b) {
             // Comparisons between integers are always known.
             (Scalar::Int(a), Scalar::Int(b)) => (a == b) as u8,
-            // Comparisons of null with an arbitrary scalar can be known if `scalar_may_be_null`
-            // indicates that the scalar can definitely *not* be null.
-            (Scalar::Int(int), ptr) | (ptr, Scalar::Int(int))
-                if int.is_null() && !self.scalar_may_be_null(ptr)? =>
-            {
-                0
-            }
-            // Other ways of comparing integers and pointers can never be known for sure,
-            // except for alignment, e.g. `1 as *const _` can never be equal to an even offset
-            // in an `align(2)` allocation.
+            // A pointer can be known to be unequal to an integer if them being equal would imply
+            // that the null pointer is in-bounds (including one-past-the-end) of the pointer's
+            // allocation (as the null pointer is never in-bounds of any allocation), or is
+            // misaligned (as `0` is a multiple of any alignment), or that the pointer's
+            // allocation would wrap around the address space.
+            // Concretely, if `scalar_may_be_null` indicates that `ptr.wrapping_sub(int)` cannot
+            // be equal to `0`, then we know that `ptr != int`.
+            // For the specific case where `int == 0`, this checks if the pointer itself
+            // can definitely not be null, and this behavior is exposed on stable as
+            // `pointer::is_null`.
             (Scalar::Int(int), Scalar::Ptr(ptr, _)) | (Scalar::Ptr(ptr, _), Scalar::Int(int)) => {
                 let int = int.to_target_usize(*self.tcx);
-                let (ptr_prov, ptr_offset) = ptr.prov_and_relative_offset();
-                let allocid = ptr_prov.alloc_id();
-                let allocinfo = self.get_alloc_info(allocid);
-
-                // Check if the pointer cannot be equal to the integer due to alignment.
-                // For this purpose, an integer can be thought of as an offset into a
-                // maximally-aligned "allocation" (the whole address space),
-                // so the least common alignment is the alignment of the pointer's allocation.
-                let min_align = allocinfo.align.bytes();
-                let ptr_residue = ptr_offset.bytes() % min_align;
-                let int_residue = int % min_align;
-                if ptr_residue != int_residue {
-                    // The pointer and integer have a different residue modulo their common
-                    // alignment, they can never be equal.
+                let offset_ptr = ptr.wrapping_offset(Size::from_bytes(int.wrapping_neg()), self);
+                if !self.scalar_may_be_null(Scalar::from_pointer(offset_ptr, self))? {
+                    // `ptr.wrapping_sub(int)` is definitely not equal to `0`, so `ptr != int`
                     0
                 } else {
-                    // The pointer and integer have the same residue modulo their common alignment,
-                    // so the pointer could end up equal to the integer at runtime;
-                    // we can't know for sure.
+                    // `ptr.wrapping_sub(int)` could be equal to `0`, but might not be,
+                    // so we cannot know for sure if `ptr == int` or not
                     2
                 }
             }
diff --git a/tests/ui/consts/ptr_comparisons.rs b/tests/ui/consts/ptr_comparisons.rs
@@ -108,9 +108,20 @@ do_test!((&raw const A).wrapping_byte_add(1), (align_of::<T>() + 1) as *const u8
 do_test!(&A, 1 as *const u8, Some(false));
 do_test!((&raw const A).wrapping_byte_add(1), align_of::<T>() as *const u8, Some(false));
 
-// This one could return `Some(false)` by noticing that it would require `A` to be at address `0`,
-// but we don't currently check for that.
-do_test!((&raw const A).wrapping_byte_add(1), 1 as *const u8, None);
+// If `ptr.wrapping_sub(int)` cannot be null (because it is in-bounds or one-past-the-end of
+// `ptr`'s allocation, or because it is misaligned from `ptr`'s allocation), then we know that
+// `ptr != int`, even if `ptr` itself is out-of-bounds or one-past-the-end of its allocation.
+do_test!((&raw const A).wrapping_byte_add(1), 1 as *const u8, Some(false));
+do_test!((&raw const A).wrapping_byte_add(2), 2 as *const u8, Some(false));
+do_test!((&raw const A).wrapping_byte_add(3), 1 as *const u8, Some(false));
+do_test!((&raw const ZST).wrapping_byte_add(1), 1 as *const u8, Some(false));
+do_test!(VTABLE_PTR_1.wrapping_byte_add(1), 1 as *const u8, Some(false));
+do_test!(FN_PTR.wrapping_byte_add(1), 1 as *const u8, Some(false));
+do_test!(&A, size_of::<T>().wrapping_neg() as *const u8, Some(false));
+do_test!(&LARGE_WORD_ALIGNED, size_of::<usize>().wrapping_neg() as *const u8, Some(false));
+// (`ptr - int != 0` due to misalignment)
+do_test!((&raw const A).wrapping_byte_add(2), 1 as *const u8, Some(false));
+do_test!((&raw const ALIGNED_ZST).wrapping_byte_add(2), 1 as *const u8, Some(false));
 
 // When pointers go out-of-bounds, they *might* become null, so these comparions cannot work.
 do_test!((&raw const A).wrapping_add(2), 0 as *const u8, None);
