Do not assert layout in KnownPanicsLint. #144226

cjgillot · 2025-07-20T16:44:49Z

Fixes #121176
Fixes #129109
Fixes #130970
Fixes #131347
Fixes #139872
Fixes #140332

rustbot · 2025-07-20T16:44:53Z

rustbot has assigned @davidtwco.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

rustbot · 2025-07-20T16:44:55Z

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

This PR changes a file inside tests/crashes. If a crash was fixed, please move into the corresponding ui subdir and add 'Fixes #' to the PR description to autoclose the issue upon merge.

Some changes occurred to MIR optimizations

cc @rust-lang/wg-mir-opt

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

RalfJung · 2025-07-20T20:23:50Z

compiler/rustc_const_eval/src/interpret/operand.rs

@@ -243,6 +243,17 @@ impl<'tcx, Prov: Provenance> std::ops::Deref for ImmTy<'tcx, Prov> {
 }

 impl<'tcx, Prov: Provenance> ImmTy<'tcx, Prov> {
+    #[inline(always)]
+    pub fn try_from_immediate(imm: Immediate<Prov>, layout: TyAndLayout<'tcx>) -> Option<Self> {


I'm not a fan of these functions. The point of the assertions is that they are a last line of defense to detect defective callers. They are not exhaustive checks. If the caller can't ensure that the value has the right type, that can only be fixed in the caller.

IOW, matches_abi here really is more of a maybe_matches_abi. It is necessary, but not sufficient. And trying to make it sufficient is the wrong approach; the right approach is figuring out why someone is feeding bogus data into these functions.

RalfJung · 2025-07-20T20:24:57Z

tests/ui/mir/static-by-value-dyn.rs

+
+use std::fmt::Debug;
+
+static STATIC_1: dyn Debug + Sync = *();


For instance, this is a clearly ill-formed static. Nothing should ever look at its MIR. Trying to make the MIR interpreter APIs resistant against bogus MIR is a pointless game of whack-a-mole.

RalfJung

These all seem to be standard cases of "ill-formed MIR gets too far into the pipeline". We should never run any MIR passes on ill-formed MIR; it is a waste of effort to try and fix this inside every individual pass.

cjgillot · 2025-07-20T20:39:46Z

These all seem to be standard cases of "ill-formed MIR gets too far into the pipeline". We should never run any MIR passes on ill-formed MIR; it is a waste of effort to try and fix this inside every individual pass.

I agree, but fixing this is general is hard too. We have an ImpossiblePredicates pass to skip this kind of nonsense, but it is quite limited to avoid query cycles. And it cannot handle nonsense that spans multiple items.

A "cleaner" way would be to ensure we never produce a constant with mismatching ABI, be it as a ConstValue or as an OpTy. But that also clashes with the notion that miri should run on sensible code.

RalfJung · 2025-07-20T20:46:24Z

These are statics failing the "it must be sized" check. It's not some impossible where bound. I don't see what is so hard about marking them as tainted so nothing else ever touches them again. It's the exact same thing as a static whose initializer body is plainly ill-typed.

cjgillot · 2025-07-20T21:46:33Z

@RalfJung this latest version prevents creating the erroneous constants altogether. Do you agree with this version?

rust-log-analyzer · 2025-07-20T23:46:22Z

The job aarch64-gnu-llvm-19-1 failed! Check out the build log: (web) (plain enhanced) (plain)

Click to see the possible cause of the failure (guessed by this bot)

---- [run-make] tests/run-make/static-extern-type stdout ----

error: rmake recipe failed to complete
status: exit status: 1
command: cd "/checkout/obj/build/aarch64-unknown-linux-gnu/test/run-make/static-extern-type/rmake_out" && env -u RUSTFLAGS AR="ar" BUILD_ROOT="/checkout/obj/build/aarch64-unknown-linux-gnu" CARGO="/checkout/obj/build/aarch64-unknown-linux-gnu/stage1-tools-bin/cargo" CC="cc" CC_DEFAULT_FLAGS="-ffunction-sections -fdata-sections -fPIC" CXX="c++" CXX_DEFAULT_FLAGS="-ffunction-sections -fdata-sections -fPIC" HOST_RUSTC_DYLIB_PATH="/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/lib" LD_LIBRARY_PATH="/checkout/obj/build/aarch64-unknown-linux-gnu/bootstrap-tools/aarch64-unknown-linux-gnu/release/deps:/checkout/obj/build/aarch64-unknown-linux-gnu/stage0/lib/rustlib/aarch64-unknown-linux-gnu/lib" LD_LIB_PATH_ENVVAR="LD_LIBRARY_PATH" LLVM_BIN_DIR="/usr/lib/llvm-19/bin" LLVM_COMPONENTS="aarch64 aarch64asmparser aarch64codegen aarch64desc aarch64disassembler aarch64info aarch64utils aggressiveinstcombine all all-targets amdgpu amdgpuasmparser amdgpucodegen amdgpudesc amdgpudisassembler amdgpuinfo amdgputargetmca amdgpuutils analysis arm armasmparser armcodegen armdesc armdisassembler arminfo armutils asmparser asmprinter avr avrasmparser avrcodegen avrdesc avrdisassembler avrinfo binaryformat bitreader bitstreamreader bitwriter bpf bpfasmparser bpfcodegen bpfdesc bpfdisassembler bpfinfo cfguard codegen codegendata codegentypes core coroutines coverage debuginfobtf debuginfocodeview debuginfodwarf debuginfogsym debuginfologicalview debuginfomsf debuginfopdb demangle dlltooldriver dwarflinker dwarflinkerclassic dwarflinkerparallel dwp engine executionengine extensions filecheck frontenddriver frontendhlsl frontendoffloading frontendopenacc frontendopenmp fuzzercli fuzzmutate globalisel hexagon hexagonasmparser hexagoncodegen hexagondesc hexagondisassembler hexagoninfo hipstdpar instcombine instrumentation interfacestub interpreter ipo irprinter irreader jitlink lanai lanaiasmparser lanaicodegen lanaidesc lanaidisassembler lanaiinfo libdriver lineeditor linker loongarch loongarchasmparser loongarchcodegen loongarchdesc loongarchdisassembler loongarchinfo lto m68k m68kasmparser m68kcodegen m68kdesc m68kdisassembler m68kinfo mc mca mcdisassembler mcjit mcparser mips mipsasmparser mipscodegen mipsdesc mipsdisassembler mipsinfo mirparser msp430 msp430asmparser msp430codegen msp430desc msp430disassembler msp430info native nativecodegen nvptx nvptxcodegen nvptxdesc nvptxinfo objcarcopts objcopy object objectyaml option orcdebugging orcjit orcshared orctargetprocess passes perfjitevents powerpc powerpcasmparser powerpccodegen powerpcdesc powerpcdisassembler powerpcinfo profiledata remarks riscv riscvasmparser riscvcodegen riscvdesc riscvdisassembler riscvinfo riscvtargetmca runtimedyld sandboxir scalaropts selectiondag sparc sparcasmparser sparccodegen sparcdesc sparcdisassembler sparcinfo support symbolize systemz systemzasmparser systemzcodegen systemzdesc systemzdisassembler systemzinfo tablegen target targetparser textapi textapibinaryreader transformutils ve veasmparser vecodegen vectorize vedesc vedisassembler veinfo webassembly webassemblyasmparser webassemblycodegen webassemblydesc webassemblydisassembler webassemblyinfo webassemblyutils windowsdriver windowsmanifest x86 x86asmparser x86codegen x86desc x86disassembler x86info x86targetmca xcore xcorecodegen xcoredesc xcoredisassembler xcoreinfo xray xtensa xtensaasmparser xtensacodegen xtensadesc xtensadisassembler xtensainfo" LLVM_FILECHECK="/usr/lib/llvm-19/bin/FileCheck" NODE="/usr/bin/node" PYTHON="/usr/bin/python3" RUSTC="/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/bin/rustc" RUSTDOC="/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/bin/rustdoc" SOURCE_ROOT="/checkout" TARGET="aarch64-unknown-linux-gnu" TARGET_EXE_DYLIB_PATH="/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/lib/rustlib/aarch64-unknown-linux-gnu/lib" __RUSTC_DEBUG_ASSERTIONS_ENABLED="1" __STD_DEBUG_ASSERTIONS_ENABLED="1" "/checkout/obj/build/aarch64-unknown-linux-gnu/test/run-make/static-extern-type/rmake"
stdout: none
--- stderr -------------------------------
command failed at line 14
Command { cmd: LD_LIBRARY_PATH="/checkout/obj/build/aarch64-unknown-linux-gnu/test/run-make/static-extern-type/rmake_out:/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/lib:/checkout/obj/build/aarch64-unknown-linux-gnu/bootstrap-tools/aarch64-unknown-linux-gnu/release/deps:/checkout/obj/build/aarch64-unknown-linux-gnu/stage0/lib/rustlib/aarch64-unknown-linux-gnu/lib" "/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/bin/rustc" "-L" "/checkout/obj/build/aarch64-unknown-linux-gnu/test/run-make/static-extern-type/rmake_out" "-ldefine-foo" "use-foo.rs" "--target=aarch64-unknown-linux-gnu", stdin_buf: None, stdin: None, stdout: None, stderr: None, drop_bomb: DropBomb { command: "/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/bin/rustc", defused: true, armed_location: Location { file: "/checkout/tests/run-make/static-extern-type/rmake.rs", line: 14, column: 5 } }, already_executed: true }
output status: `exit status: 101`
=== STDOUT ===



=== STDERR ===
note: no errors encountered even though delayed bugs were created

RalfJung · 2025-07-21T06:04:17Z

Yeah, that looks much better, thanks.

I'm not familiar with MIR building so I can't approve this on my own, however.

cjgillot · 2025-07-21T21:05:33Z

It's not ready yet. Just checking sizedness is not enough, as some non-sized types are OK too, like extern types. And using layout causes cycles.

RalfJung · 2025-07-21T21:10:32Z

Extern types can only work with extern statics, right?

And even then, that seems kind of cursed. Did we intentionally allow that or just forget to disallow it?

cjgillot · 2025-07-22T01:57:26Z

Extern types can only work with extern statics, right?

Or inside pointers. And pointers to extern types are scalars.

And even then, that seems kind of cursed. Did we intentionally allow that or just forget to disallow it?

It's intentional. We have a run-make test to verify this works.

RalfJung · 2025-07-22T06:30:04Z

Pointers to extern types are sized so there is no problem with them, those should just work.

cjgillot · 2025-07-22T22:54:06Z

The failing test is this one:

rust/tests/run-make/static-extern-type/use-foo.rs

Lines 3 to 7 in a7a1618

    
           extern "C" { 
        
               type Foo; 
        
               static FOO: Foo; 
        
               fn bar(foo: *const Foo) -> u8; 
        
           }

As a foreign type Foo is not sized, but &Foo and *mut Foo are still scalar. This is a special case in layout computation.

Checking whether &T is scalar in full generality requires either to call layout_of, or to open-code it. Internally, it normalizes <T as Pointee>::Metadata and compute that type's layout. The normalization process may try to normalize opaque types. This breaks https://github.com/rust-lang/rust/blob/master/tests/ui/coroutine/layout-error.rs

RalfJung · 2025-07-23T06:32:09Z

The failing test is this one:

Yeah, that is a very odd test, I didn't think we'd allow extern statics with unknown size. Interestingly, we reject static FOO2: [i32]; (as we have to).

What is not entirely clear to me is why we'd care about whether &Foo has metadata or not. Is that for constructing the pointer that represents the extern static access in MIR? As far as I can see, those pointers are always scalar, since statics with unsized types that require metadata are forbidden (and that makes sense; where would the metadata come from anyway).

RalfJung · 2025-07-23T16:45:58Z

All the issues referenced here seem to be about statics that are unsized-with-metadata. You can check for this without knowing the layout; just call ptr_metadata_ty on the type of the static. Statics can't be generic so this should always give you a definite answer.

This still has to normalize some things though, so that coroutine case could become interesting. But it's okay for that code to error, it just can't ICE.

RalfJung · 2025-07-23T16:47:55Z

compiler/rustc_mir_build/src/builder/expr/as_constant.rs

+                // Still, producing a single scalar constant would be inconsistent, as pointers to
+                // non-`Sized` types are scalar pairs. Avoid an ICE by producing an error constant.
+                let guar =
+                    tcx.dcx().span_delayed_bug(span, format!("static's type `{ty}` is not Sized"));


Suggested change

tcx.dcx().span_delayed_bug(span, format!("static's type `{ty}` is not Sized"));

tcx.dcx().span_delayed_bug(span, format!("static's type `{pointee}` is not Sized"));

RalfJung · 2025-07-23T16:52:52Z

Wouldn't an alternative be to change the type of the static itself to TyKind::Error after we determined that it's not a valid type for a static? Then we don't need patches like this all over the rest of the compiler.

Cc @oli-obk

cjgillot added 2 commits July 20, 2025 16:21

Add crash tests.

0cb4b0d

Do not assert layout in KnownPanicsLint.

53ae5c6

rustbot assigned davidtwco Jul 20, 2025

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jul 20, 2025

RalfJung reviewed Jul 20, 2025

View reviewed changes

RalfJung requested changes Jul 20, 2025

View reviewed changes

cjgillot force-pushed the known-panics-panics branch 2 times, most recently from 7e54047 to a825a96 Compare July 20, 2025 21:44

This comment has been minimized.

Sign in to view

Check static is sized when building MIR.

a250112

cjgillot force-pushed the known-panics-panics branch from a825a96 to a250112 Compare July 20, 2025 22:33

RalfJung reviewed Jul 23, 2025

View reviewed changes


		use std::fmt::Debug;

		static STATIC_1: dyn Debug + Sync = *();

	tcx.dcx().span_delayed_bug(span, format!("static's type `{ty}` is not Sized"));
	tcx.dcx().span_delayed_bug(span, format!("static's type `{pointee}` is not Sized"));

Do not assert layout in KnownPanicsLint. #144226

Are you sure you want to change the base?

Do not assert layout in KnownPanicsLint. #144226

Conversation

cjgillot commented Jul 20, 2025 • edited by rustbot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rustbot commented Jul 20, 2025

Uh oh!

rustbot commented Jul 20, 2025

Uh oh!

RalfJung Jul 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

RalfJung Jul 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

RalfJung left a comment

Choose a reason for hiding this comment

Uh oh!

cjgillot commented Jul 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

RalfJung commented Jul 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cjgillot commented Jul 20, 2025

Uh oh!

This comment has been minimized.

rust-log-analyzer commented Jul 20, 2025

Uh oh!

RalfJung commented Jul 21, 2025

Uh oh!

cjgillot commented Jul 21, 2025

Uh oh!

RalfJung commented Jul 21, 2025

Uh oh!

cjgillot commented Jul 22, 2025

Uh oh!

RalfJung commented Jul 22, 2025 via email

Uh oh!

cjgillot commented Jul 22, 2025

Uh oh!

RalfJung commented Jul 23, 2025

Uh oh!

RalfJung commented Jul 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

RalfJung Jul 23, 2025

Choose a reason for hiding this comment

Uh oh!

RalfJung commented Jul 23, 2025

Uh oh!

Uh oh!

cjgillot commented Jul 20, 2025 •

edited by rustbot

Loading

RalfJung Jul 20, 2025 •

edited

Loading

RalfJung Jul 20, 2025 •

edited

Loading

cjgillot commented Jul 20, 2025 •

edited

Loading

RalfJung commented Jul 20, 2025 •

edited

Loading

RalfJung commented Jul 23, 2025 •

edited

Loading