reference to mutable memory in const is impossible

RalfJung · RalfJung · commit a2352fe7a123 · 2023-10-28T14:09:54.000+02:00
diff --git a/compiler/rustc_const_eval/messages.ftl b/compiler/rustc_const_eval/messages.ftl
@@ -406,7 +406,6 @@ const_eval_upcast_mismatch =
 
 ## The `front_matter`s here refer to either `const_eval_front_matter_invalid_value` or `const_eval_front_matter_invalid_value_with_path`.
 ## (We'd love to sort this differently to make that more clear but tidy won't let us...)
-const_eval_validation_box_to_mut = {$front_matter}: encountered a box pointing to mutable memory in a constant
 const_eval_validation_box_to_static = {$front_matter}: encountered a box pointing to a static variable in a constant
 const_eval_validation_box_to_uninhabited = {$front_matter}: encountered a box pointing to uninhabited type {$ty}
 const_eval_validation_dangling_box_no_provenance = {$front_matter}: encountered a dangling box ({$pointer} has no provenance)
@@ -452,7 +451,6 @@ const_eval_validation_out_of_range = {$front_matter}: encountered {$value}, but
 const_eval_validation_partial_pointer = {$front_matter}: encountered a partial pointer or a mix of pointers
 const_eval_validation_pointer_as_int = {$front_matter}: encountered a pointer, but {$expected}
 const_eval_validation_ptr_out_of_range = {$front_matter}: encountered a pointer, but expected something that cannot possibly fail to be {$in_range}
-const_eval_validation_ref_to_mut = {$front_matter}: encountered a reference pointing to mutable memory in a constant
 const_eval_validation_ref_to_static = {$front_matter}: encountered a reference pointing to a static variable in a constant
 const_eval_validation_ref_to_uninhabited = {$front_matter}: encountered a reference pointing to uninhabited type {$ty}
 const_eval_validation_unaligned_box = {$front_matter}: encountered an unaligned box (required {$required_bytes} byte alignment but found {$found_bytes})
diff --git a/compiler/rustc_const_eval/src/errors.rs b/compiler/rustc_const_eval/src/errors.rs
@@ -612,9 +612,6 @@ impl<'tcx> ReportErrorExt for ValidationErrorInfo<'tcx> {
             PtrToStatic { ptr_kind: PointerKind::Box } => const_eval_validation_box_to_static,
             PtrToStatic { ptr_kind: PointerKind::Ref } => const_eval_validation_ref_to_static,
 
-            PtrToMut { ptr_kind: PointerKind::Box } => const_eval_validation_box_to_mut,
-            PtrToMut { ptr_kind: PointerKind::Ref } => const_eval_validation_ref_to_mut,
-
             PointerAsInt { .. } => const_eval_validation_pointer_as_int,
             PartialPointer => const_eval_validation_partial_pointer,
             MutableRefInConst => const_eval_validation_mutable_ref_in_const,
@@ -770,7 +767,6 @@ impl<'tcx> ReportErrorExt for ValidationErrorInfo<'tcx> {
             }
             NullPtr { .. }
             | PtrToStatic { .. }
-            | PtrToMut { .. }
             | MutableRefInConst
             | MutableRefToImmutable
             | NullFnPtr
diff --git a/compiler/rustc_const_eval/src/interpret/validity.rs b/compiler/rustc_const_eval/src/interpret/validity.rs
@@ -510,10 +510,14 @@ impl<'rt, 'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> ValidityVisitor<'rt, 'mir, '
                         if alloc.inner().mutability == Mutability::Mut
                             && matches!(self.ctfe_mode, Some(CtfeValidationMode::Const { .. }))
                         {
-                            // This should be unreachable, but if someone manages to copy a pointer
-                            // out of a `static`, then that pointer might point to mutable memory,
-                            // and we would catch that here.
-                            throw_validation_failure!(self.path, PtrToMut { ptr_kind });
+                            // This is impossible: this can only be some inner allocation of a
+                            // `static mut` (everything else either hits the `GlobalAlloc::Static`
+                            // case or is interned immutably). To get such a pointer we'd have to
+                            // load it from a static, but such loads lead to a CTFE error.
+                            span_bug!(
+                                self.ecx.tcx.span,
+                                "encountered reference to mutable memory inside a `const`"
+                            );
                         }
                         if ptr_expected_mutbl == Mutability::Mut
                             && alloc.inner().mutability == Mutability::Not
diff --git a/compiler/rustc_middle/src/mir/interpret/error.rs b/compiler/rustc_middle/src/mir/interpret/error.rs
@@ -427,7 +427,6 @@ pub enum ValidationErrorKind<'tcx> {
     PartialPointer,
     PtrToUninhabited { ptr_kind: PointerKind, ty: Ty<'tcx> },
     PtrToStatic { ptr_kind: PointerKind },
-    PtrToMut { ptr_kind: PointerKind },
     MutableRefInConst,
     MutableRefToImmutable,
     UnsafeCellInImmutable,
diff --git a/tests/ui/consts/const-points-to-static.32bit.stderr b/tests/ui/consts/const-points-to-static.32bit.stderr
diff --git a/tests/ui/consts/const-points-to-static.64bit.stderr b/tests/ui/consts/const-points-to-static.64bit.stderr
diff --git a/tests/ui/consts/const-points-to-static.rs b/tests/ui/consts/const-points-to-static.rs
diff --git a/tests/ui/consts/miri_unleashed/const_refers_to_static.32bit.stderr b/tests/ui/consts/miri_unleashed/const_refers_to_static.32bit.stderr
@@ -38,6 +38,17 @@ LL | const READ_IMMUT: &usize = {
                ╾ALLOC1╼                                     │ ╾──╼
            }
 
+error[E0080]: it is undefined behavior to use this value
+  --> $DIR/const_refers_to_static.rs:34:1
+   |
+LL | const REF_IMMUT: &u8 = &MY_STATIC;
+   | ^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered a reference pointing to a static variable in a constant
+   |
+   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
+   = note: the raw bytes of the constant (size: 4, align: 4) {
+               ╾ALLOC2╼                                     │ ╾──╼
+           }
+
 warning: skipping const checks
    |
 help: skipping check that does not even have a feature gate
@@ -75,7 +86,12 @@ help: skipping check that does not even have a feature gate
    |
 LL |     &FOO
    |      ^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/const_refers_to_static.rs:34:25
+   |
+LL | const REF_IMMUT: &u8 = &MY_STATIC;
+   |                         ^^^^^^^^^
 
-error: aborting due to 5 previous errors; 1 warning emitted
+error: aborting due to 6 previous errors; 1 warning emitted
 
 For more information about this error, try `rustc --explain E0080`.
diff --git a/tests/ui/consts/miri_unleashed/const_refers_to_static.64bit.stderr b/tests/ui/consts/miri_unleashed/const_refers_to_static.64bit.stderr
@@ -38,6 +38,17 @@ LL | const READ_IMMUT: &usize = {
                ╾ALLOC1╼                         │ ╾──────╼
            }
 
+error[E0080]: it is undefined behavior to use this value
+  --> $DIR/const_refers_to_static.rs:34:1
+   |
+LL | const REF_IMMUT: &u8 = &MY_STATIC;
+   | ^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered a reference pointing to a static variable in a constant
+   |
+   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
+   = note: the raw bytes of the constant (size: 8, align: 8) {
+               ╾ALLOC2╼                         │ ╾──────╼
+           }
+
 warning: skipping const checks
    |
 help: skipping check that does not even have a feature gate
@@ -75,7 +86,12 @@ help: skipping check that does not even have a feature gate
    |
 LL |     &FOO
    |      ^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/const_refers_to_static.rs:34:25
+   |
+LL | const REF_IMMUT: &u8 = &MY_STATIC;
+   |                         ^^^^^^^^^
 
-error: aborting due to 5 previous errors; 1 warning emitted
+error: aborting due to 6 previous errors; 1 warning emitted
 
 For more information about this error, try `rustc --explain E0080`.
diff --git a/tests/ui/consts/miri_unleashed/const_refers_to_static.rs b/tests/ui/consts/miri_unleashed/const_refers_to_static.rs
@@ -30,4 +30,9 @@ const READ_IMMUT: &usize = { //~ ERROR it is undefined behavior to use this valu
     &FOO
 };
 
+static MY_STATIC: u8 = 4;
+const REF_IMMUT: &u8 = &MY_STATIC;
+//~^ ERROR it is undefined behavior to use this value
+//~| encountered a reference pointing to a static variable
+
 fn main() {}
diff --git a/tests/ui/consts/miri_unleashed/mutable_references_err.32bit.stderr b/tests/ui/consts/miri_unleashed/mutable_references_err.32bit.stderr
@@ -53,6 +53,23 @@ LL | static mut MUT_TO_READONLY: &mut i32 = unsafe { &mut *(&READONLY as *const
                ╾ALLOC5╼                                     │ ╾──╼
            }
 
+error[E0080]: it is undefined behavior to use this value
+  --> $DIR/mutable_references_err.rs:49:1
+   |
+LL | const POINTS_TO_MUTABLE1: &i32 = unsafe { &MUTABLE };
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered a reference pointing to a static variable in a constant
+   |
+   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
+   = note: the raw bytes of the constant (size: 4, align: 4) {
+               ╾ALLOC6╼                                     │ ╾──╼
+           }
+
+error[E0080]: evaluation of constant value failed
+  --> $DIR/mutable_references_err.rs:53:43
+   |
+LL | const POINTS_TO_MUTABLE2: &i32 = unsafe { &*MUTABLE_REF };
+   |                                           ^^^^^^^^^^^^^ constant accesses static
+
 warning: skipping const checks
    |
 help: skipping check that does not even have a feature gate
@@ -100,7 +117,32 @@ help: skipping check that does not even have a feature gate
    |
 LL | static mut MUT_TO_READONLY: &mut i32 = unsafe { &mut *(&READONLY as *const _ as *mut _) };
    |                                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:49:44
+   |
+LL | const POINTS_TO_MUTABLE1: &i32 = unsafe { &MUTABLE };
+   |                                            ^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:49:44
+   |
+LL | const POINTS_TO_MUTABLE1: &i32 = unsafe { &MUTABLE };
+   |                                            ^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:52:36
+   |
+LL | static mut MUTABLE_REF: &mut i32 = &mut 42;
+   |                                    ^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:53:45
+   |
+LL | const POINTS_TO_MUTABLE2: &i32 = unsafe { &*MUTABLE_REF };
+   |                                             ^^^^^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:53:45
+   |
+LL | const POINTS_TO_MUTABLE2: &i32 = unsafe { &*MUTABLE_REF };
+   |                                             ^^^^^^^^^^^
 
-error: aborting due to 5 previous errors; 1 warning emitted
+error: aborting due to 7 previous errors; 1 warning emitted
 
 For more information about this error, try `rustc --explain E0080`.
diff --git a/tests/ui/consts/miri_unleashed/mutable_references_err.64bit.stderr b/tests/ui/consts/miri_unleashed/mutable_references_err.64bit.stderr
@@ -53,6 +53,23 @@ LL | static mut MUT_TO_READONLY: &mut i32 = unsafe { &mut *(&READONLY as *const
                ╾ALLOC5╼                         │ ╾──────╼
            }
 
+error[E0080]: it is undefined behavior to use this value
+  --> $DIR/mutable_references_err.rs:49:1
+   |
+LL | const POINTS_TO_MUTABLE1: &i32 = unsafe { &MUTABLE };
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ constructing invalid value: encountered a reference pointing to a static variable in a constant
+   |
+   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
+   = note: the raw bytes of the constant (size: 8, align: 8) {
+               ╾ALLOC6╼                         │ ╾──────╼
+           }
+
+error[E0080]: evaluation of constant value failed
+  --> $DIR/mutable_references_err.rs:53:43
+   |
+LL | const POINTS_TO_MUTABLE2: &i32 = unsafe { &*MUTABLE_REF };
+   |                                           ^^^^^^^^^^^^^ constant accesses static
+
 warning: skipping const checks
    |
 help: skipping check that does not even have a feature gate
@@ -100,7 +117,32 @@ help: skipping check that does not even have a feature gate
    |
 LL | static mut MUT_TO_READONLY: &mut i32 = unsafe { &mut *(&READONLY as *const _ as *mut _) };
    |                                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:49:44
+   |
+LL | const POINTS_TO_MUTABLE1: &i32 = unsafe { &MUTABLE };
+   |                                            ^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:49:44
+   |
+LL | const POINTS_TO_MUTABLE1: &i32 = unsafe { &MUTABLE };
+   |                                            ^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:52:36
+   |
+LL | static mut MUTABLE_REF: &mut i32 = &mut 42;
+   |                                    ^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:53:45
+   |
+LL | const POINTS_TO_MUTABLE2: &i32 = unsafe { &*MUTABLE_REF };
+   |                                             ^^^^^^^^^^^
+help: skipping check that does not even have a feature gate
+  --> $DIR/mutable_references_err.rs:53:45
+   |
+LL | const POINTS_TO_MUTABLE2: &i32 = unsafe { &*MUTABLE_REF };
+   |                                             ^^^^^^^^^^^
 
-error: aborting due to 5 previous errors; 1 warning emitted
+error: aborting due to 7 previous errors; 1 warning emitted
 
 For more information about this error, try `rustc --explain E0080`.
diff --git a/tests/ui/consts/miri_unleashed/mutable_references_err.rs b/tests/ui/consts/miri_unleashed/mutable_references_err.rs
@@ -41,7 +41,18 @@ const BLUNT: &mut i32 = &mut 42;
 static READONLY: i32 = 0;
 static mut MUT_TO_READONLY: &mut i32 = unsafe { &mut *(&READONLY as *const _ as *mut _) };
 //~^ ERROR: it is undefined behavior to use this value
-//~| mutable reference
+//~| pointing to read-only memory
+
+// Check for consts pointing to mutable memory.
+// Currently it's not even possible to create such a const.
+static mut MUTABLE: i32 = 42;
+const POINTS_TO_MUTABLE1: &i32 = unsafe { &MUTABLE };
+//~^ ERROR: undefined behavior to use this value
+//~| pointing to a static
+static mut MUTABLE_REF: &mut i32 = &mut 42;
+const POINTS_TO_MUTABLE2: &i32 = unsafe { &*MUTABLE_REF };
+//~^ ERROR: evaluation of constant value failed
+//~| accesses static
 
 fn main() {
     unsafe {
