Include arguments to the precondition check in failure messages #134938

wants to merge 1 commit into
base: master
2 changes: 1 addition & 1 deletion library/core/src/alloc/layout.rs
Expand Up @@ -130,7 +130,7 @@ impl Layout {
assert_unsafe_precondition!(
check_library_ub,
"Layout::from_size_align_unchecked requires that align is a power of 2 \
and the rounded-up allocation size does not exceed isize::MAX",
and the rounded-up allocation size does not exceed isize::MAX (size:{size}, align:{align})",
(
size: usize = size,
align: usize = align,
2 changes: 1 addition & 1 deletion library/core/src/ascii/ascii_char.rs
Expand Up @@ -506,7 +506,7 @@ impl AsciiChar {
pub const unsafe fn digit_unchecked(d: u8) -> Self {
assert_unsafe_precondition!(
check_language_ub,
"`ascii::Char::digit_unchecked` input cannot exceed 9.",
"`ascii::Char::digit_unchecked` input cannot exceed 9. (d:{d})",
(d: u8 = d) => d < 10
);

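Review bot: The new message in the `digit_unchecked` hunk keeps the sentence's full stop and then appends the argument list, so the panic text reads `cannot exceed 9. (d:…)`, unlike every other message in this PR, which attaches the parenthesised values directly to the sentence. Dropping the period keeps the wording uniform: `input cannot exceed 9 (d:{d})` in place of `input cannot exceed 9. (d:{d})`. The body of `digit_unchecked` continues past the hunk.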
2 changes: 1 addition & 1 deletion library/core/src/char/convert.rs
Expand Up @@ -26,7 +26,7 @@ pub(super) const unsafe fn from_u32_unchecked(i: u32) -> char {
unsafe {
assert_unsafe_precondition!(
check_language_ub,
"invalid value for `char`",
"invalid value for `char` ({i})",
(i: u32 = i) => char_try_from_u32(i).is_ok()
);
transmute(i)
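Review bot: The `from_u32_unchecked` message interpolates the value without a label, `({i})`, whereas the rest of the series uses `name:value` pairs such as `(d:{d})` and `(align:{align})`, so a reader of the panic gets a bare number with no hint what it is. Suggest `"invalid value for `char` (value:{i})",`, or `(value:{i:#x})` if the formatter behind `assert_unsafe_precondition!` honours format specs — the `{src:?}` uses elsewhere in this PR suggest it does — since code points are usually read in hex. The enclosing function body continues outside the hunk.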
9 changes: 6 additions & 3 deletions library/core/src/intrinsics/mod.rs
Expand Up @@ -4354,7 +4354,8 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::copy_nonoverlapping requires that both pointer arguments are aligned and non-null \
and the specified memory ranges do not overlap",
and the specified memory ranges do not overlap \
(src:{src:?}, dst:{dst:?}, size:{size}, align:{align}, count:{count})",
(
src: *const () = src as *const (),
dst: *mut () = dst as *mut (),
Expand Down Expand Up @@ -4459,7 +4460,8 @@ pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
unsafe {
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::copy requires that both pointer arguments are aligned and non-null",
"ptr::copy requires that both pointer arguments are aligned and non-null \
(src:{src:?}, dst:{dst:?}, align:{align})",
(
src: *const () = src as *const (),
dst: *mut () = dst as *mut (),
Expand Down Expand Up @@ -4542,7 +4544,8 @@ pub const unsafe fn write_bytes<T>(dst: *mut T, val: u8, count: usize) {
unsafe {
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::write_bytes requires that the destination pointer is aligned and non-null",
"ptr::write_bytes requires that the destination pointer is aligned and non-null \
(dst:{addr:?}, align:{align})",
(
addr: *const () = dst as *const (),
align: usize = align_of::<T>(),
6 changes: 6 additions & 0 deletions library/core/src/num/int_macros.rs
Expand Up @@ -514,6 +514,7 @@ macro_rules! int_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_add cannot overflow"),
// FIXME: concat! prevents adding formatting
(
lhs: $SelfT = self,
rhs: $SelfT = rhs,
Expand Down Expand Up @@ -664,6 +665,7 @@ macro_rules! int_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_sub cannot overflow"),
// FIXME: concat! prevents adding formatting
(
lhs: $SelfT = self,
rhs: $SelfT = rhs,
Expand Down Expand Up @@ -814,6 +816,7 @@ macro_rules! int_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_mul cannot overflow"),
// FIXME: concat! prevents adding formatting
(
lhs: $SelfT = self,
rhs: $SelfT = rhs,
Expand Down Expand Up @@ -1158,6 +1161,7 @@ macro_rules! int_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_neg cannot overflow"),
// FIXME: concat! prevents adding formatting
(
lhs: $SelfT = self,
) => !lhs.overflowing_neg().1,
Expand Down Expand Up @@ -1286,6 +1290,7 @@ macro_rules! int_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_shl cannot overflow"),
// FIXME: concat! prevents adding formatting
(
rhs: u32 = rhs,
) => rhs < <$ActualT>::BITS,
Expand Down Expand Up @@ -1407,6 +1412,7 @@ macro_rules! int_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_shr cannot overflow"),
// FIXME: concat! prevents adding formatting
(
rhs: u32 = rhs,
) => rhs < <$ActualT>::BITS,
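Review bot: The same `// FIXME: concat! prevents adding formatting` comment is added to six hunks in this file and five more in uint_macros.rs, each placed inside the macro invocation between the message and the binding list; a single note at the head of `int_impl!`/`uint_impl!`, or one next to the limitation in `assert_unsafe_precondition!` itself, would carry the same information without eleven copies to keep in sync. It is also worth checking whether the limitation is real: the builtin format macros accept a `concat!` expansion as the format string, so if the message is eventually handed to a `format_args!`-style position, `concat!(stringify!($SelfT), "::unchecked_add cannot overflow (lhs:{lhs}, rhs:{rhs})")` may work as-is. Each hunk sits inside a method whose body continues outside the visible lines.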
2 changes: 2 additions & 0 deletions library/core/src/num/nonzero.rs
Expand Up @@ -403,6 +403,7 @@ where
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"NonZero::new_unchecked requires the argument to be non-zero",
// FIXME: Can't print n here because of how the check is written
() => false,
);
intrinsics::unreachable()
Expand Down Expand Up @@ -443,6 +444,7 @@ where
ub_checks::assert_unsafe_precondition!(
check_library_ub,
"NonZero::from_mut_unchecked requires the argument to dereference as non-zero",
// FIXME: Can't print n here because of how the check is written
() => false,
);
intrinsics::unreachable()
5 changes: 5 additions & 0 deletions library/core/src/num/uint_macros.rs
Expand Up @@ -561,6 +561,7 @@ macro_rules! uint_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_add cannot overflow"),
// FIXME: concat! prevents adding formatting
(
lhs: $SelfT = self,
rhs: $SelfT = rhs,
Expand Down Expand Up @@ -751,6 +752,7 @@ macro_rules! uint_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_sub cannot overflow"),
// FIXME: concat! prevents adding formatting
(
lhs: $SelfT = self,
rhs: $SelfT = rhs,
Expand Down Expand Up @@ -934,6 +936,7 @@ macro_rules! uint_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_mul cannot overflow"),
// FIXME: concat! prevents adding formatting
(
lhs: $SelfT = self,
rhs: $SelfT = rhs,
Expand Down Expand Up @@ -1504,6 +1507,7 @@ macro_rules! uint_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_shl cannot overflow"),
// FIXME: concat! prevents adding formatting
(
rhs: u32 = rhs,
) => rhs < <$ActualT>::BITS,
Expand Down Expand Up @@ -1625,6 +1629,7 @@ macro_rules! uint_impl {
assert_unsafe_precondition!(
check_language_ub,
concat!(stringify!($SelfT), "::unchecked_shr cannot overflow"),
// FIXME: concat! prevents adding formatting
(
rhs: u32 = rhs,
) => rhs < <$ActualT>::BITS,
3 changes: 2 additions & 1 deletion library/core/src/ops/index_range.rs
Expand Up @@ -21,7 +21,8 @@ impl IndexRange {
pub const unsafe fn new_unchecked(start: usize, end: usize) -> Self {
ub_checks::assert_unsafe_precondition!(
check_library_ub,
"IndexRange::new_unchecked requires `start <= end`",
"IndexRange::new_unchecked requires `start <= end` \
(start:{start}, end:{end})",
(start: usize = start, end: usize = end) => start <= end,
);
IndexRange { start, end }
3 changes: 2 additions & 1 deletion library/core/src/ptr/alignment.rs
Expand Up @@ -75,7 +75,8 @@ impl Alignment {
pub const unsafe fn new_unchecked(align: usize) -> Self {
assert_unsafe_precondition!(
check_language_ub,
"Alignment::new_unchecked requires a power of two",
"Alignment::new_unchecked requires a power of two \
(align:{align})",
(align: usize = align) => align.is_power_of_two()
);

12 changes: 8 additions & 4 deletions library/core/src/ptr/const_ptr.rs
Expand Up @@ -443,7 +443,8 @@ impl<T: ?Sized> *const T {

ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::offset requires the address calculation to not overflow",
"ptr::offset requires the address calculation to not overflow \
(ptr:{this:?}, count:{count}, size:{size})",
(
this: *const () = self as *const (),
count: isize = count,
Expand Down Expand Up @@ -789,7 +790,8 @@ impl<T: ?Sized> *const T {

ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::sub_ptr requires `self >= origin`",
"ptr::sub_ptr requires `self >= origin` \
(self:{this:?}, origin:{origin:?})",
(
this: *const () = self as *const (),
origin: *const () = origin as *const (),
Expand Down Expand Up @@ -955,7 +957,8 @@ impl<T: ?Sized> *const T {
#[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::add requires that the address calculation does not overflow",
"ptr::add requires that the address calculation does not overflow \
(self:{this:?}, count:{count}, size:{size})",
(
this: *const () = self as *const (),
count: usize = count,
Expand Down Expand Up @@ -1060,7 +1063,8 @@ impl<T: ?Sized> *const T {
#[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::sub requires that the address calculation does not overflow",
"ptr::sub requires that the address calculation does not overflow \
(self:{this:?}, count:{count}, size:{size})",
(
this: *const () = self as *const (),
count: usize = count,
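Review bot: The `offset` hunk labels the pointer as `ptr:` in `(ptr:{this:?}, count:{count}, size:{size})`, while the `add` and `sub` hunks in the same file, and the `offset` hunk in mut_ptr.rs, label the same `this` binding as `self:`, so panics from the three methods would describe the same value under different names. Use `(self:{this:?}, count:{count}, size:{size})",` here as well. The surrounding method bodies continue below each hunk.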
18 changes: 12 additions & 6 deletions library/core/src/ptr/mod.rs
Expand Up @@ -1078,7 +1078,8 @@ pub const unsafe fn swap_nonoverlapping<T>(x: *mut T, y: *mut T, count: usize) {
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::swap_nonoverlapping requires that both pointer arguments are aligned and non-null \
and the specified memory ranges do not overlap",
and the specified memory ranges do not overlap \
(x:{x:?}, y:{y:?}, size:{size}, align:{align}, count:{count})",
(
x: *mut () = x as *mut (),
y: *mut () = y as *mut (),
Expand Down Expand Up @@ -1223,7 +1224,8 @@ pub const unsafe fn replace<T>(dst: *mut T, src: T) -> T {
unsafe {
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::replace requires that the pointer argument is aligned and non-null",
"ptr::replace requires that the pointer argument is aligned and non-null\
(dst:{addr:?}, (align:{align}))",
(
addr: *const () = dst as *const (),
align: usize = align_of::<T>(),
Expand Down Expand Up @@ -1376,7 +1378,8 @@ pub const unsafe fn read<T>(src: *const T) -> T {
#[cfg(debug_assertions)] // Too expensive to always enable (for now?)
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::read requires that the pointer argument is aligned and non-null",
"ptr::read requires that the pointer argument is aligned and non-null \
(src:{addr:?}, align:{align})",
(
addr: *const () = src as *const (),
align: usize = align_of::<T>(),
Expand Down Expand Up @@ -1580,7 +1583,8 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
#[cfg(debug_assertions)] // Too expensive to always enable (for now?)
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::write requires that the pointer argument is aligned and non-null",
"ptr::write requires that the pointer argument is aligned and non-null \
(dst:{addr:?}, align:{align})",
(
addr: *mut () = dst as *mut (),
align: usize = align_of::<T>(),
Expand Down Expand Up @@ -1752,7 +1756,8 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
unsafe {
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::read_volatile requires that the pointer argument is aligned and non-null",
"ptr::read_volatile requires that the pointer argument is aligned and non-null \
(src:{addr:?}, align:{align})",
(
addr: *const () = src as *const (),
align: usize = align_of::<T>(),
Expand Down Expand Up @@ -1832,7 +1837,8 @@ pub unsafe fn write_volatile<T>(dst: *mut T, src: T) {
unsafe {
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::write_volatile requires that the pointer argument is aligned and non-null",
"ptr::write_volatile requires that the pointer argument is aligned and non-null \
(dst:{addr:?}, align:{align})",
(
addr: *mut () = dst as *mut (),
align: usize = align_of::<T>(),
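Review bot: The `replace` hunk's message is malformed: the continuation backslash follows `non-null` with no space, so the rendered text runs together as `non-null(dst:…`, and the appended list nests an extra pair of parentheses, `(dst:{addr:?}, (align:{align}))`, unlike the `read`, `write`, `read_volatile` and `write_volatile` hunks in this file. The two lines should read `"ptr::replace requires that the pointer argument is aligned and non-null \` and `(dst:{addr:?}, align:{align})",`. All of these hunks are cut off before the end of their binding lists.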
9 changes: 6 additions & 3 deletions library/core/src/ptr/mut_ptr.rs
Expand Up @@ -439,7 +439,8 @@ impl<T: ?Sized> *mut T {

ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::offset requires the address calculation to not overflow",
"ptr::offset requires the address calculation to not overflow \
(self:{this:?}, count:{count}, size:{size})",
(
this: *const () = self as *const (),
count: isize = count,
Expand Down Expand Up @@ -1045,7 +1046,8 @@ impl<T: ?Sized> *mut T {
#[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::add requires that the address calculation does not overflow",
"ptr::add requires that the address calculation does not overflow \
(self:{this:?}, count:{count}, size:{size})",
(
this: *const () = self as *const (),
count: usize = count,
Expand Down Expand Up @@ -1150,7 +1152,8 @@ impl<T: ?Sized> *mut T {
#[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
ub_checks::assert_unsafe_precondition!(
check_language_ub,
"ptr::sub requires that the address calculation does not overflow",
"ptr::sub requires that the address calculation does not overflow \
(self:{this:?}, count:{count}, size:{size})",
(
this: *const () = self as *const (),
count: usize = count,
2 changes: 1 addition & 1 deletion library/core/src/ptr/non_null.rs
Expand Up @@ -195,7 +195,7 @@ impl<T: ?Sized> NonNull<T> {
unsafe {
assert_unsafe_precondition!(
check_language_ub,
"NonNull::new_unchecked requires that the pointer is non-null",
"NonNull::new_unchecked requires that the pointer is non-null (ptr:{ptr:?})",
(ptr: *mut () = ptr as *mut ()) => !ptr.is_null()
);
NonNull { pointer: ptr as _ }
22 changes: 14 additions & 8 deletions library/core/src/slice/index.rs
Expand Up @@ -242,8 +242,9 @@ unsafe impl<T> SliceIndex<[T]> for usize {
unsafe fn get_unchecked(self, slice: *const [T]) -> *const T {
assert_unsafe_precondition!(
check_language_ub,
"slice::get_unchecked requires that the index is within the slice",
(this: usize = self, len: usize = slice.len()) => this < len
"slice::get_unchecked requires that the index is within the slice \
(index:{index}, len:{len})",
(index: usize = self, len: usize = slice.len()) => index < len
);
// SAFETY: the caller guarantees that `slice` is not dangling, so it
// cannot be longer than `isize::MAX`. They also guarantee that
Expand All @@ -261,8 +262,9 @@ unsafe impl<T> SliceIndex<[T]> for usize {
unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut T {
assert_unsafe_precondition!(
check_library_ub,
"slice::get_unchecked_mut requires that the index is within the slice",
(this: usize = self, len: usize = slice.len()) => this < len
"slice::get_unchecked_mut requires that the index is within the slice \
(index:{index}, len:{len})",
(index: usize = self, len: usize = slice.len()) => index < len
);
// SAFETY: see comments for `get_unchecked` above.
unsafe { get_mut_noubcheck(slice, self) }
Expand Down Expand Up @@ -310,7 +312,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
assert_unsafe_precondition!(
check_library_ub,
"slice::get_unchecked requires that the index is within the slice",
"slice::get_unchecked requires that the index is within the slice \
(end:{end}, len:{len})",
(end: usize = self.end(), len: usize = slice.len()) => end <= len
);
// SAFETY: the caller guarantees that `slice` is not dangling, so it
Expand All @@ -324,7 +327,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
assert_unsafe_precondition!(
check_library_ub,
"slice::get_unchecked_mut requires that the index is within the slice",
"slice::get_unchecked_mut requires that the index is within the slice \
(end:{end}, len:{len})",
(end: usize = self.end(), len: usize = slice.len()) => end <= len
);

Expand Down Expand Up @@ -389,7 +393,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
assert_unsafe_precondition!(
check_library_ub,
"slice::get_unchecked requires that the range is within the slice",
"slice::get_unchecked requires that the range is within the slice \
(range:{start}..{end}, len:{len})",
(
start: usize = self.start,
end: usize = self.end,
Expand All @@ -413,7 +418,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
assert_unsafe_precondition!(
check_library_ub,
"slice::get_unchecked_mut requires that the range is within the slice",
"slice::get_unchecked_mut requires that the range is within the slice \
(range:{start}..{end}, len:{len})",
(
start: usize = self.start,
end: usize = self.end,
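Review bot: The two `ops::IndexRange` hunks print only `end` and `len`, so a failed range index reports half of the range, while the `ops::Range<usize>` hunks below print `range:{start}..{end}`. If `IndexRange` exposes a `start()` accessor alongside the `end()` already used here, adding `start: usize = self.start()` to the binding list and using `(range:{start}..{end}, len:{len})` would give the four range-based messages the same shape. The `Range<usize>` hunks are cut off before their binding lists end.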