ensure vec macro honors lifetimes

Author: RalfJung

compiler/rustc_borrowck/src/type_check/mod.rs

@@ -1537,7 +1537,15 @@ impl<'a, 'tcx> Visitor<'tcx> for TypeChecker<'a, 'tcx> {
                         }
                     }
                     CastKind::Transmute => {
-                        // Transmutes are always well-typed, nothing to check here.
+                        let ty_from = op.ty(self.body, tcx);
+                        match ty_from.kind() {
+                            ty::Pat(base, _) if base == ty => {}
+                            _ => span_mirbug!(
+                                self,
+                                rvalue,
+                                "Unexpected CastKind::Transmute {ty_from:?} -> {ty:?}, which is not permitted in Analysis MIR",
+                            ),
+                        }
                     }
                     CastKind::Subtype => {
                         bug!("CastKind::Subtype shouldn't exist in borrowck")

compiler/rustc_hir_analysis/src/check/intrinsic.rs

@@ -215,6 +215,7 @@ fn intrinsic_operation_unsafety(tcx: TyCtxt<'_>, intrinsic_id: LocalDefId) -> hi
         | sym::wrapping_add
         | sym::wrapping_mul
         | sym::wrapping_sub
+        | sym::write_via_move_for_vec_unsafe
         // tidy-alphabetical-end
         => hir::Safety::Safe,
         _ => hir::Safety::Unsafe,
@@ -550,15 +551,9 @@ pub(crate) fn check_intrinsic_type(
         sym::cold_path => (0, 0, vec![], tcx.types.unit),
 
         sym::read_via_copy => (1, 0, vec![Ty::new_imm_ptr(tcx, param(0))], param(0)),
-        sym::write_via_move => {
+        sym::write_via_move | sym::write_via_move_for_vec_unsafe => {
             (1, 0, vec![Ty::new_mut_ptr(tcx, param(0)), param(0)], tcx.types.unit)
         }
-        sym::init_box_via_move => {
-            let t = param(0);
-            let maybe_uninit_t = Ty::new_maybe_uninit(tcx, t);
-
-            (1, 0, vec![Ty::new_box(tcx, maybe_uninit_t), param(0)], Ty::new_box(tcx, t))
-        }
 
         sym::typed_swap_nonoverlapping => {
             (1, 0, vec![Ty::new_mut_ptr(tcx, param(0)); 2], tcx.types.unit)

compiler/rustc_mir_build/src/builder/expr/into.rs

@@ -368,16 +368,21 @@ impl<'a, 'tcx> Builder<'a, 'tcx> {
             // Some intrinsics are handled here because they desperately want to avoid introducing
             // unnecessary copies.
             ExprKind::Call { ty, fun, ref args, .. }
-                if let ty::FnDef(def_id, generic_args) = ty.kind()
+                if let ty::FnDef(def_id, _generic_args) = ty.kind()
                     && let Some(intrinsic) = this.tcx.intrinsic(def_id)
-                    && matches!(intrinsic.name, sym::write_via_move | sym::init_box_via_move) =>
+                    && matches!(
+                        intrinsic.name,
+                        sym::write_via_move
+                            | sym::write_via_move_for_vec_unsafe
+                            | sym::init_box_via_move
+                    ) =>
             {
                 // We still have to evaluate the callee expression as normal (but we don't care
                 // about its result).
                 let _fun = unpack!(block = this.as_local_operand(block, fun));
 
                 match intrinsic.name {
-                    sym::write_via_move => {
+                    sym::write_via_move | sym::write_via_move_for_vec_unsafe => {
                         // `write_via_move(ptr, val)` becomes `*ptr = val` but without any dropping.
 
                         // The destination must have unit type (so we don't actually have to store anything
@@ -395,80 +400,59 @@ impl<'a, 'tcx> Builder<'a, 'tcx> {
                         let ptr_deref = ptr.project_deeper(&[ProjectionElem::Deref], this.tcx);
                         this.expr_into_dest(ptr_deref, block, val)
                     }
-                    sym::init_box_via_move => {
-                        // `write_via_move(b, val)` becomes
-                        // ```
-                        // *transmute::<_, *mut T>(b) = val;
-                        // transmute::<_, Box<T>>(b)
-                        // ```
-                        let t = generic_args.type_at(0);
-                        let [b, val] = **args else {
-                            span_bug!(expr_span, "invalid init_box_via_move call")
-                        };
-                        let Some(b) = unpack!(block = this.as_local_operand(block, b)).place()
-                        else {
-                            span_bug!(expr_span, "invalid init_box_via_move call")
-                        };
-                        // Project to the pointer inside `b`. We have to keep `b` in scope to ensure
-                        // it gets dropped. After the first projection we can transmute which is
-                        // easier.
-                        let ty::Adt(box_adt_def, box_adt_args) =
-                            b.ty(&this.local_decls, this.tcx).ty.kind()
-                        else {
-                            span_bug!(expr_span, "invalid init_box_via_move call")
-                        };
-                        let unique_field =
-                            this.tcx.adt_def(box_adt_def.did()).non_enum_variant().fields
-                                [rustc_abi::FieldIdx::ZERO]
-                                .did;
-                        let Some(unique_def) =
-                            this.tcx.type_of(unique_field).instantiate_identity().ty_adt_def()
-                        else {
-                            span_bug!(
-                                this.tcx.def_span(unique_field),
-                                "expected Box to contain Unique"
-                            )
-                        };
-                        let unique_ty =
-                            Ty::new_adt(this.tcx, unique_def, this.tcx.mk_args(&[box_adt_args[0]]));
-                        let b_field = b.project_deeper(
-                            &[ProjectionElem::Field(rustc_abi::FieldIdx::ZERO, unique_ty)],
-                            this.tcx,
-                        );
-                        // `ptr` is `b` transmuted to `*mut T`.
-                        let ptr_ty = Ty::new_mut_ptr(this.tcx, t);
-                        let ptr = this.local_decls.push(LocalDecl::new(ptr_ty, expr_span));
-                        this.cfg.push(
-                            block,
-                            Statement::new(source_info, StatementKind::StorageLive(ptr)),
-                        );
-                        // Make sure `StorageDead` gets emitted.
-                        this.schedule_drop_storage_and_value(expr_span, this.local_scope(), ptr);
-                        this.cfg.push_assign(
-                            block,
-                            source_info,
-                            Place::from(ptr),
-                            // Needs to be a `Copy` so that `b` still gets dropped if `val` panics.
-                            Rvalue::Cast(CastKind::Transmute, Operand::Copy(b_field), ptr_ty),
-                        );
-                        // Store `val` into `ptr`.
-                        let ptr_deref =
-                            Place::from(ptr).project_deeper(&[ProjectionElem::Deref], this.tcx);
-                        unpack!(block = this.expr_into_dest(ptr_deref, block, val));
-                        // Return `ptr` transmuted to `Box<T>`.
-                        this.cfg.push_assign(
-                            block,
-                            source_info,
-                            destination,
-                            Rvalue::Cast(
-                                CastKind::Transmute,
-                                // Move from `b` so that does not get dropped any more.
-                                Operand::Move(b),
-                                Ty::new_box(this.tcx, t),
-                            ),
-                        );
-                        block.unit()
-                    }
+                    // sym::init_box_via_move => {
+                    //     use rustc_abi::FieldIdx;
+                    //     // `init_box_via_move(b, val)` becomes
+                    //     // ```
+                    //     // *(b.0.0.0) = val;
+                    //     // ```
+                    //     let [b, val] = **args else {
+                    //         span_bug!(expr_span, "invalid init_box_via_move call")
+                    //     };
+                    //     let Some(b) = unpack!(block = this.as_local_operand(block, b)).place()
+                    //     else {
+                    //         span_bug!(expr_span, "invalid init_box_via_move call")
+                    //     };
+                    //     // Project to the pointer inside `b`. First we need to get the types of all
+                    //     // the fields we are projecting through.
+                    //     let field_ty = |adt: &ty::AdtDef<'tcx>, idx: FieldIdx| {
+                    //         let field = adt.non_enum_variant().fields[idx].did;
+                    //         this.tcx.type_of(field).instantiate_identity()
+                    //     };
+                    //     let ty::Adt(box_adt, box_adt_args) =
+                    //         b.ty(&this.local_decls, this.tcx).ty.kind()
+                    //     else {
+                    //         span_bug!(expr_span, "invalid init_box_via_move call")
+                    //     };
+                    //     // The `<T>` shared by Box, Unique, NonNull.
+                    //     let ty_arg = this.tcx.mk_args(&[box_adt_args[0]]);
+                    //     let ty::Adt(unique_adt, _args) = field_ty(box_adt, FieldIdx::Zero).kind()
+                    //     else {
+                    //         span_bug!(expr_span, "invalid init_box_via_move call")
+                    //     };
+                    //     let unique_ty = Ty::new_adt(this.tcx, unique_def, ty_arg);
+                    //     let ty::Adt(nonnull_adt, _args) =
+                    //         field_ty(unique_adt, FieldIdx::Zero).kind()
+                    //     else {
+                    //         span_bug!(expr_span, "invalid init_box_via_move call")
+                    //     };
+                    //     let nonnull_ty = Ty::new_adt(this.tcx, nonnull_adt, ty_arg);
+                    //     // Then we can construct the projection.
+                    //     let b_ptr_deref = b.project_deeper(
+                    //         &[
+                    //             ProjectionElem::Field(FieldIdx::ZERO, unique_ty),
+                    //             ProjectionElem::Field(FieldIdx::ZERO, nonnull_ty),
+                    //             ProjectionElem::Field(
+                    //                 FieldIdx::ZERO,
+                    //                 Ty::new_mut_ptr(tcx, ty_arg.type_at(0)),
+                    //             ),
+                    //             ProjectionElem::Deref,
+                    //         ],
+                    //         this.tcx,
+                    //     );
+                    //     // Store `val` into `b_ptr`.
+                    //     this.expr_into_dest(b_ptr_deref, block, val)
+                    // }
                     _ => rustc_middle::bug!(),
                 }
             }

compiler/rustc_span/src/symbol.rs

@@ -2445,6 +2445,7 @@ symbols! {
         write_macro,
         write_str,
         write_via_move,
+        write_via_move_for_vec_unsafe,
         writeln_macro,
         x86_amx_intrinsics,
         x87_reg,

library/alloc/src/boxed.rs

@@ -238,6 +238,7 @@ pub struct Box<
 /// # Safety
 ///
 /// size and align need to be safe for `Layout::from_size_align_unchecked`.
+#[cfg(not(no_global_oom_handling))]
 #[inline]
 #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
 unsafe fn box_new_uninit(size: usize, align: usize) -> *mut u8 {
@@ -248,23 +249,33 @@ unsafe fn box_new_uninit(size: usize, align: usize) -> *mut u8 {
     }
 }
 
-/// Writes `x` into `b`, then returns `b` at its new type`.
+/// Writes `x` into `ptr` without unnecessary copies.
+/// Behaves exactly like `write_via_move`.
 ///
-/// This is needed for `vec!`, which can't afford any extra copies of the argument (or else debug
-/// builds regress), has to be written fully as a call chain without `let` (or else the temporary
-/// lifetimes of the arguments change), and can't use an `unsafe` block as that would then also
-/// include the user-provided `$x`.
+/// This is unsafe, but has to be marked as safe or else we couldn't use it in `vec!`.
+#[doc(hidden)]
 #[rustc_intrinsic]
 #[unstable(feature = "liballoc_internals", issue = "none")]
-pub fn init_box_via_move<T>(b: Box<MaybeUninit<T>>, x: T) -> Box<T>;
+pub fn write_via_move_for_vec_unsafe<T>(ptr: *mut T, x: T);
+
+/// Helper for `vec!`.
+#[doc(hidden)]
+#[unstable(feature = "liballoc_internals", issue = "none")]
+#[inline(always)]
+pub fn box_uninit_as_mut_ptr<T>(b: &mut Box<MaybeUninit<T>>) -> *mut T {
+    &raw mut **b as *mut _
+}
 
-/// Helper for `vec!` to ensure type inferences work correctly (which it wouldn't if we
-/// inlined the `as` cast).
+/// Helper for `vec!`.
+///
+/// This is unsafe, but has to be marked as safe or else we couldn't use it in `vec!`.
 #[doc(hidden)]
 #[unstable(feature = "liballoc_internals", issue = "none")]
 #[inline(always)]
-pub fn box_array_into_vec<T, const N: usize>(b: Box<[T; N]>) -> crate::vec::Vec<T> {
-    (b as Box<[T]>).into_vec()
+pub fn box_uninit_array_into_vec_unsafe<T, const N: usize>(
+    b: Box<MaybeUninit<[T; N]>>,
+) -> crate::vec::Vec<T> {
+    unsafe { (b.assume_init() as Box<[T]>).into_vec() }
 }
 
 impl<T> Box<T> {

library/alloc/src/macros.rs

@@ -38,7 +38,7 @@
 #[macro_export]
 #[stable(feature = "rust1", since = "1.0.0")]
 #[rustc_diagnostic_item = "vec_macro"]
-#[allow_internal_unstable(rustc_attrs, liballoc_internals)]
+#[allow_internal_unstable(rustc_attrs, liballoc_internals, core_intrinsics)]
 macro_rules! vec {
     () => (
         $crate::vec::Vec::new()
@@ -47,16 +47,25 @@ macro_rules! vec {
         $crate::vec::from_elem($elem, $n)
     );
     ($($x:expr),+ $(,)?) => (
-        $crate::boxed::box_array_into_vec(
-            // Using `init_box_via_move` produces a dramatic improvement in stack usage for
-            // unoptimized programs using this code path to construct large Vecs.
-            // We can't use `write_via_move` because this entire invocation has to remain a call
-            // chain without `let` bindings, or else the temporary scopes change and things break;
-            // it also has to all be safe since `safe { ... }` blocks sadly are not a thing and we
-            // must not wrap `$x` in `unsafe` (also, wrapping `$x` in a safe block has a good chance
-            // of introducing extra moves so might not be a good call either).
-            $crate::boxed::init_box_via_move($crate::boxed::Box::new_uninit(), [$($x),+])
-        )
+        // Using `write_via_move` produces a dramatic improvement in stack usage for
+        // unoptimized programs using this code path to construct large Vecs.
+        // However that means we can't wrap any of this in helper methods. We also can't
+        // call the original `write_via_move` as that is unsafe and then we'd also wrap
+        // the `$x` in an unsafe block which would be bad. So we have a fake-safe intrinsic
+        // that's actually unsafe. Aren't macros beautiful?
+        // We save a function call here by putting the `assume_init` + conversion to `Vec`
+        // into a helper that does both; that's another fake-safe function.
+        $crate::boxed::box_uninit_array_into_vec_unsafe({
+            let mut b = $crate::boxed::Box::new_uninit();
+            $crate::boxed::write_via_move_for_vec_unsafe(
+                // It's very annoying that we have to call a method to get the pointer to write to
+                // (the perf cost of that is measurable), but it's the only way to ensure lifetime
+                // constraints are properly propagated.
+                $crate::boxed::box_uninit_as_mut_ptr(&mut b),
+                [$($x),+],
+            );
+            b
+        })
     );
 }