Detect and reject out-of-range integers in format string literals

[colinba]

Until now out-of-range integers in format string literals were silently ignored. They wrapped around to zero at usize::MAX, producing unexpected results.

When using debug builds of rustc, such integers in format string literals even cause an 'attempt to add with overflow' panic in rustc.

Fix this by producing an error diagnostic for integers in format string literals which do not fit into usize.

Fixes #102528

[rust-highfive]

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @wesleywiser (or someone else) soon.

Please see the contribution instructions for more information.

[rustbot]

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

• Stabilizing library features
• Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
• Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
• Changing public documentation in ways that create new stability guarantees
• Changing observable runtime behavior of library APIs

[wesleywiser]

@bors try @rust-timer queue

[rust-timer]

Awaiting bors try build completion.

@rustbot label: +S-waiting-on-perf

[bors]

⌛ Trying commit b9e85bf with merge 31cf317f4c1a3702d4c61fa903f29d9d9cb9477d...

[bors]

☀️ Try build successful - checks-actions
Build commit: 31cf317f4c1a3702d4c61fa903f29d9d9cb9477d (31cf317f4c1a3702d4c61fa903f29d9d9cb9477d)

[rust-timer]

Queued 31cf317f4c1a3702d4c61fa903f29d9d9cb9477d with parent 0265a3e, future comparison URL.

[rust-timer]

Finished benchmarking commit (31cf317f4c1a3702d4c61fa903f29d9d9cb9477d): comparison URL.

Overall result: ❌ regressions - ACTION NEEDED

Benchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf.

Next Steps: If you can justify the regressions found in this try perf run, please indicate this with @rustbot label: +perf-regression-triaged along with sufficient written justification. If you cannot justify the regressions please fix the regressions and do another perf run. If the next run shows neutral or positive results, the label will be automatically removed.

@bors rollup=never
@rustbot label: +S-waiting-on-review -S-waiting-on-perf +perf-regression

Instruction count

This is a highly reliable metric that was used to determine the overall result at the top of this comment.

	mean1	range	count2
Regressions ❌ (primary)	0.8%	[0.7%, 0.9%]	6
Regressions ❌ (secondary)	-	-	0
Improvements ✅ (primary)	-	-	0
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	0.8%	[0.7%, 0.9%]	6

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean1	range	count2
Regressions ❌ (primary)	-	-	0
Regressions ❌ (secondary)	5.1%	[5.1%, 5.1%]	1
Improvements ✅ (primary)	-5.0%	[-5.0%, -5.0%]	1
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	-5.0%	[-5.0%, -5.0%]	1

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean1	range	count2
Regressions ❌ (primary)	2.1%	[1.7%, 2.7%]	4
Regressions ❌ (secondary)	2.5%	[2.1%, 2.9%]	2
Improvements ✅ (primary)	-	-	0
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	2.1%	[1.7%, 2.7%]	4

Footnotes

1. the arithmetic mean of the percent change ↩ ↩² ↩³

2. number of relevant changes ↩ ↩² ↩³

[wesleywiser]

The perf regressions are all in diesel which has been noisy lately. I also ran cachegrind locally and the changed function doesn't even appear in the perf diff.

It does seem quite odd to me that the size of the integers supported in the format string are tied to the host compiler's usize (ie, you could construct a program that compiles on a 64-bit compiler but fails with this error on a 32-bit compiler even though the --target is the same). I think it would probably be better to just use a u64 instead of a usize but I don't think that has to block landing this improvement over the current behavior.

I'm going to reassign to someone from T-libs so they can validate if they approve the doc change.

Thanks for the PR @colinba!

[wesleywiser]

r? libs

[joshtriplett]

@bors r+ rollup=never

[bors]

📌 Commit b9e85bf has been approved by joshtriplett

It is now in the queue for this repository.

[bors]

⌛ Testing commit b9e85bf with merge ee1c3b3...

[bors]

☀️ Test successful - checks-actions
Approved by: joshtriplett
Pushing ee1c3b3 to master...

[rust-timer]

Finished benchmarking commit (ee1c3b3): comparison URL.

Overall result: no relevant changes - no action needed

@rustbot label: -perf-regression

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

This benchmark run did not return any relevant results for this metric.

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean1	range	count2
Regressions ❌ (primary)	2.4%	[1.6%, 3.3%]	3
Regressions ❌ (secondary)	4.2%	[3.6%, 4.9%]	2
Improvements ✅ (primary)	-2.6%	[-2.6%, -2.6%]	1
Improvements ✅ (secondary)	-2.3%	[-2.3%, -2.3%]	1
All ❌✅ (primary)	1.2%	[-2.6%, 3.3%]	4

Footnotes

1. the arithmetic mean of the percent change ↩

2. number of relevant changes ↩