add overflow_checks intrinsic

pitaj · pitaj · commit cc8b95cc5490 · 2025-11-08T10:57:35.000-07:00
diff --git a/compiler/rustc_const_eval/src/check_consts/check.rs b/compiler/rustc_const_eval/src/check_consts/check.rs
@@ -645,10 +645,7 @@ impl<'tcx> Visitor<'tcx> for Checker<'_, 'tcx> {
 
             Rvalue::Cast(_, _, _) => {}
 
-            Rvalue::NullaryOp(
-                NullOp::OffsetOf(_) | NullOp::RuntimeChecks(_),
-                _,
-            ) => {}
+            Rvalue::NullaryOp(NullOp::OffsetOf(_) | NullOp::RuntimeChecks(_), _) => {}
             Rvalue::ShallowInitBox(_, _) => {}
 
             Rvalue::UnaryOp(op, operand) => {
diff --git a/compiler/rustc_hir_analysis/src/check/intrinsic.rs b/compiler/rustc_hir_analysis/src/check/intrinsic.rs
@@ -163,6 +163,7 @@ fn intrinsic_operation_unsafety(tcx: TyCtxt<'_>, intrinsic_id: LocalDefId) -> hi
         | sym::minnumf128
         | sym::mul_with_overflow
         | sym::needs_drop
+        | sym::overflow_checks
         | sym::powf16
         | sym::powf32
         | sym::powf64
@@ -643,7 +644,7 @@ pub(crate) fn check_intrinsic_type(
         sym::aggregate_raw_ptr => (3, 0, vec![param(1), param(2)], param(0)),
         sym::ptr_metadata => (2, 0, vec![Ty::new_imm_ptr(tcx, param(0))], param(1)),
 
-        sym::ub_checks => (0, 0, Vec::new(), tcx.types.bool),
+        sym::ub_checks | sym::overflow_checks => (0, 0, Vec::new(), tcx.types.bool),
 
         sym::box_new => (1, 0, vec![param(0)], Ty::new_box(tcx, param(0))),
 
diff --git a/compiler/rustc_middle/src/mir/pretty.rs b/compiler/rustc_middle/src/mir/pretty.rs
@@ -1097,6 +1097,9 @@ impl<'tcx> Debug for Rvalue<'tcx> {
                     NullOp::RuntimeChecks(RuntimeChecks::ContractChecks) => {
                         write!(fmt, "ContractChecks()")
                     }
+                    NullOp::RuntimeChecks(RuntimeChecks::OverflowChecks) => {
+                        write!(fmt, "OverflowChecks()")
+                    }
                 }
             }
             ThreadLocalRef(did) => ty::tls::with(|tcx| {
diff --git a/compiler/rustc_middle/src/mir/syntax.rs b/compiler/rustc_middle/src/mir/syntax.rs
@@ -1577,13 +1577,17 @@ pub enum RuntimeChecks {
     /// Returns whether we should perform contract-checking at runtime.
     /// See the `contract_checks` intrinsic docs for details.
     ContractChecks,
+    /// Returns whether we should perform some overflow-checking at runtime.
+    /// See the `overflow_checks` intrinsic docs for details.
+    OverflowChecks,
 }
 
 impl RuntimeChecks {
     pub fn value(self, sess: &rustc_session::Session) -> bool {
         match self {
             Self::UbChecks => sess.ub_checks(),
             Self::ContractChecks => sess.contract_checks(),
+            Self::OverflowChecks => sess.overflow_checks(),
         }
     }
 }
diff --git a/compiler/rustc_mir_dataflow/src/move_paths/builder.rs b/compiler/rustc_mir_dataflow/src/move_paths/builder.rs
@@ -451,10 +451,7 @@ impl<'a, 'tcx, F: Fn(Ty<'tcx>) -> bool> MoveDataBuilder<'a, 'tcx, F> {
             Rvalue::Ref(..)
             | Rvalue::RawPtr(..)
             | Rvalue::Discriminant(..)
-            | Rvalue::NullaryOp(
-                NullOp::OffsetOf(..) | NullOp::RuntimeChecks(_),
-                _,
-            ) => {}
+            | Rvalue::NullaryOp(NullOp::OffsetOf(..) | NullOp::RuntimeChecks(_), _) => {}
         }
     }
 
diff --git a/compiler/rustc_mir_transform/src/lower_intrinsics.rs b/compiler/rustc_mir_transform/src/lower_intrinsics.rs
@@ -23,10 +23,11 @@ impl<'tcx> crate::MirPass<'tcx> for LowerIntrinsics {
                     sym::unreachable => {
                         terminator.kind = TerminatorKind::Unreachable;
                     }
-                    sym::ub_checks | sym::contract_checks => {
+                    sym::ub_checks | sym::overflow_checks | sym::contract_checks => {
                         let op = match intrinsic.name {
                             sym::ub_checks => RuntimeChecks::UbChecks,
                             sym::contract_checks => RuntimeChecks::ContractChecks,
+                            sym::overflow_checks => RuntimeChecks::OverflowChecks,
                             _ => unreachable!(),
                         };
                         let target = target.unwrap();
diff --git a/compiler/rustc_public/src/mir/body.rs b/compiler/rustc_public/src/mir/body.rs
@@ -1033,6 +1033,8 @@ pub enum RuntimeChecks {
     UbChecks,
     /// cfg!(contract_checks), but at codegen time
     ContractChecks,
+    /// cfg!(overflow_checks), but at codegen time
+    OverflowChecks,
 }
 
 impl Operand {
diff --git a/compiler/rustc_public/src/unstable/convert/stable/mir.rs b/compiler/rustc_public/src/unstable/convert/stable/mir.rs
@@ -330,6 +330,7 @@ impl<'tcx> Stable<'tcx> for mir::NullOp<'tcx> {
             RuntimeChecks(op) => crate::mir::NullOp::RuntimeChecks(match op {
                 UbChecks => crate::mir::RuntimeChecks::UbChecks,
                 ContractChecks => crate::mir::RuntimeChecks::ContractChecks,
+                OverflowChecks => crate::mir::RuntimeChecks::OverflowChecks,
             }),
         }
     }
diff --git a/library/core/src/intrinsics/mod.rs b/library/core/src/intrinsics/mod.rs
@@ -2585,6 +2585,24 @@ pub const fn ub_checks() -> bool {
     cfg!(ub_checks)
 }
 
+/// Returns whether we should perform some overflow-checking at runtime. This eventually evaluates to
+/// `cfg!(overflow_checks)`, but behaves different from `cfg!` when mixing crates built with different
+/// flags: if the crate has overflow checks enabled or carries the `#[rustc_inherit_overflow_checks]`
+/// attribute, evaluation is delayed until monomorphization (or until the call gets inlined into
+/// a crate that does not delay evaluation further); otherwise it can happen any time.
+///
+/// The common case here is a user program built with overflow_checks linked against the distributed
+/// sysroot which is built without overflow_checks but with `#[rustc_inherit_overflow_checks]`.
+/// For code that gets monomorphized in the user crate (i.e., generic functions and functions with
+/// `#[inline]`), gating assertions on `overflow_checks()` rather than `cfg!(overflow_checks)` means that
+/// assertions are enabled whenever the *user crate* has overflow checks enabled. However if the
+/// user has overflow checks disabled, the checks will still get optimized out.
+#[inline(always)]
+#[rustc_intrinsic]
+pub const fn overflow_checks() -> bool {
+    cfg!(debug_assertions)
+}
+
 /// Allocates a block of memory at compile time.
 /// At runtime, just returns a null pointer.
 ///
diff --git a/tests/codegen-llvm/auxiliary/overflow_checks_add.rs b/tests/codegen-llvm/auxiliary/overflow_checks_add.rs
@@ -0,0 +1,10 @@
+//@ compile-flags: -Cdebug-assertions=yes
+
+#![crate_type = "lib"]
+#![feature(core_intrinsics)]
+
+/// Emulates the default behavior of `+` using `intrinsics::overflow_checks()`.
+#[inline]
+pub fn add(a: u8, b: u8) -> u8 {
+    if core::intrinsics::overflow_checks() { a.strict_add(b) } else { a.wrapping_add(b) }
+}
diff --git a/tests/codegen-llvm/overflow-checks.rs b/tests/codegen-llvm/overflow-checks.rs
@@ -0,0 +1,29 @@
+// With -Coverflow-checks=yes (enabled by default by -Cdebug-assertions=yes) we will produce a
+// runtime check that panics when an operation would result in integer overflow.
+//
+// This test ensures that such a runtime check is *not* emitted when debug-assertions are enabled,
+// but overflow-checks are explicitly disabled. It also ensures that even if a dependency is
+// compiled with overflow checks, `intrinsics::overflow_checks()` will be treated with the
+// overflow-checks setting of the current crate (when `#[rustc_inherit_overflow_checks]`) is used.
+
+//@ aux-build:overflow_checks_add.rs
+//@ revisions: DEBUG NOCHECKS
+//@ compile-flags: -O -Cdebug-assertions=yes
+//@ [NOCHECKS] compile-flags: -Coverflow-checks=no
+
+#![crate_type = "lib"]
+
+extern crate overflow_checks_add;
+
+// CHECK-LABEL: @add(
+#[no_mangle]
+pub unsafe fn add(a: u8, b: u8) -> u8 {
+    //        CHECK: i8 noundef %a, i8 noundef %b
+    //        CHECK: add i8 %b, %a
+    //        DEBUG: icmp ult i8 [[zero:[^,]+]], %a
+    //        DEBUG: call core::num::overflow_panic::add
+    //        DEBUG: unreachable
+    // NOCHECKS-NOT: unreachable
+    //     NOCHECKS: ret i8 %0
+    overflow_checks_add::add(a, b)
+}
diff --git a/tests/ui/consts/const-eval/overflow_checks.rs b/tests/ui/consts/const-eval/overflow_checks.rs
@@ -0,0 +1,8 @@
+//@ build-pass
+//@ compile-flags: -O -C overflow-checks=no
+
+#![crate_type = "lib"]
+#![feature(core_intrinsics)]
+
+// Always returns true during CTFE, even if overflow checks are disabled.
+const _: () = assert!(core::intrinsics::overflow_checks());

Original file line number	Diff line number	Diff line change
`@@ -1097,6 +1097,9 @@ impl<'tcx> Debug for Rvalue<'tcx> {`
`1097`	`1097`	`NullOp::RuntimeChecks(RuntimeChecks::ContractChecks) => {`
`1098`	`1098`	`write!(fmt, "ContractChecks()")`
`1099`	`1099`	`}`
	`1100`	`+ NullOp::RuntimeChecks(RuntimeChecks::OverflowChecks) => {`
	`1101`	`+ write!(fmt, "OverflowChecks()")`
	`1102`	`+ }`
`1100`	`1103`	`}`
`1101`	`1104`	`}`
`1102`	`1105`	`ThreadLocalRef(did) => ty::tls::with(\|tcx\| {`
Original file line number	Diff line number	Diff line change
`@@ -1577,13 +1577,17 @@ pub enum RuntimeChecks {`
`1577`	`1577`	`/// Returns whether we should perform contract-checking at runtime.`
`1578`	`1578`	/// See the `contract_checks` intrinsic docs for details.
`1579`	`1579`	`ContractChecks,`
	`1580`	`+ /// Returns whether we should perform some overflow-checking at runtime.`
	`1581`	+ /// See the `overflow_checks` intrinsic docs for details.
	`1582`	`+ OverflowChecks,`
`1580`	`1583`	`}`
`1581`	`1584`
`1582`	`1585`	`impl RuntimeChecks {`
`1583`	`1586`	`pub fn value(self, sess: &rustc_session::Session) -> bool {`
`1584`	`1587`	`match self {`
`1585`	`1588`	`Self::UbChecks => sess.ub_checks(),`
`1586`	`1589`	`Self::ContractChecks => sess.contract_checks(),`
	`1590`	`+ Self::OverflowChecks => sess.overflow_checks(),`
`1587`	`1591`	`}`
`1588`	`1592`	`}`
`1589`	`1593`	`}`
Original file line number	Diff line number	Diff line change
`@@ -451,10 +451,7 @@ impl<'a, 'tcx, F: Fn(Ty<'tcx>) -> bool> MoveDataBuilder<'a, 'tcx, F> {`
`451`	`451`	`Rvalue::Ref(..)`
`452`	`452`	`\| Rvalue::RawPtr(..)`
`453`	`453`	`\| Rvalue::Discriminant(..)`
`454`		`- \| Rvalue::NullaryOp(`
`455`		`- NullOp::OffsetOf(..) \| NullOp::RuntimeChecks(_),`
`456`		`- _,`
`457`		`- ) => {}`
	`454`	`+ \| Rvalue::NullaryOp(NullOp::OffsetOf(..) \| NullOp::RuntimeChecks(_), _) => {}`
`458`	`455`	`}`
`459`	`456`	`}`
`460`	`457`
Original file line number	Diff line number	Diff line change
`@@ -1033,6 +1033,8 @@ pub enum RuntimeChecks {`
`1033`	`1033`	`UbChecks,`
`1034`	`1034`	`/// cfg!(contract_checks), but at codegen time`
`1035`	`1035`	`ContractChecks,`
	`1036`	`+ /// cfg!(overflow_checks), but at codegen time`
	`1037`	`+ OverflowChecks,`
`1036`	`1038`	`}`
`1037`	`1039`
`1038`	`1040`	`impl Operand {`
Original file line number	Diff line number	Diff line change
`@@ -330,6 +330,7 @@ impl<'tcx> Stable<'tcx> for mir::NullOp<'tcx> {`
`330`	`330`	`RuntimeChecks(op) => crate::mir::NullOp::RuntimeChecks(match op {`
`331`	`331`	`UbChecks => crate::mir::RuntimeChecks::UbChecks,`
`332`	`332`	`ContractChecks => crate::mir::RuntimeChecks::ContractChecks,`
	`333`	`+ OverflowChecks => crate::mir::RuntimeChecks::OverflowChecks,`
`333`	`334`	`}),`
`334`	`335`	`}`
`335`	`336`	`}`