Include arguments to the precondition check in failure messages

saethlin · saethlin · commit 65e5e12ddc1d · 2024-12-30T16:18:34.000-05:00
diff --git a/library/core/src/slice/index.rs b/library/core/src/slice/index.rs
@@ -1,7 +1,7 @@
 //! Indexing implementations for `[T]`.
 
 use crate::panic::const_panic;
-use crate::ub_checks::assert_unsafe_precondition;
+use crate::ub_checks::assert_unsafe_precondition2;
 use crate::{ops, range};
 
 #[stable(feature = "rust1", since = "1.0.0")]
@@ -240,10 +240,10 @@ unsafe impl<T> SliceIndex<[T]> for usize {
 
     #[inline]
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const T {
-        assert_unsafe_precondition!(
+        assert_unsafe_precondition2!(
             check_language_ub,
-            "slice::get_unchecked requires that the index is within the slice",
-            (this: usize = self, len: usize = slice.len()) => this < len
+            "slice::get_unchecked requires that the index is within the slice (index:{index}, len:{len})",
+            (index: usize = self, len: usize = slice.len()) => index < len
         );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
         // cannot be longer than `isize::MAX`. They also guarantee that
@@ -259,10 +259,10 @@ unsafe impl<T> SliceIndex<[T]> for usize {
 
     #[inline]
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut T {
-        assert_unsafe_precondition!(
+        assert_unsafe_precondition2!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the index is within the slice",
-            (this: usize = self, len: usize = slice.len()) => this < len
+            "slice::get_unchecked_mut requires that the index is within the slice (index:{index}, len:{len})",
+            (index: usize = self, len: usize = slice.len()) => index < len
         );
         // SAFETY: see comments for `get_unchecked` above.
         unsafe { get_mut_noubcheck(slice, self) }
@@ -308,9 +308,9 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
 
     #[inline]
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
-        assert_unsafe_precondition!(
+        assert_unsafe_precondition2!(
             check_library_ub,
-            "slice::get_unchecked requires that the index is within the slice",
+            "slice::get_unchecked requires that the index is within the slice (end:{end}, len:{len})",
             (end: usize = self.end(), len: usize = slice.len()) => end <= len
         );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
@@ -322,9 +322,9 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
 
     #[inline]
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
-        assert_unsafe_precondition!(
+        assert_unsafe_precondition2!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the index is within the slice",
+            "slice::get_unchecked_mut requires that the index is within the slice (end:{end}, len:{len})",
             (end: usize = self.end(), len: usize = slice.len()) => end <= len
         );
 
@@ -387,9 +387,9 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
 
     #[inline]
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
-        assert_unsafe_precondition!(
+        assert_unsafe_precondition2!(
             check_library_ub,
-            "slice::get_unchecked requires that the range is within the slice",
+            "slice::get_unchecked requires that the range is within the slice (range:{start}..{end}, len:{len})",
             (
                 start: usize = self.start,
                 end: usize = self.end,
@@ -411,9 +411,9 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
 
     #[inline]
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
-        assert_unsafe_precondition!(
+        assert_unsafe_precondition2!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the range is within the slice",
+            "slice::get_unchecked_mut requires that the range is within the slice (range:{start}..{end}, len:{len})",
             (
                 start: usize = self.start,
                 end: usize = self.end,
diff --git a/library/core/src/slice/raw.rs b/library/core/src/slice/raw.rs
@@ -123,9 +123,9 @@ use crate::{array, ptr, ub_checks};
 pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
     // SAFETY: the caller must uphold the safety contract for `from_raw_parts`.
     unsafe {
-        ub_checks::assert_unsafe_precondition!(
+        ub_checks::assert_unsafe_precondition2!(
             check_language_ub,
-            "slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
+            "slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX` (data:{data:?}, size:{size:?}, align:{align:?}, len:{len:?})",
             (
                 data: *mut () = data as *mut (),
                 size: usize = size_of::<T>(),
@@ -177,9 +177,9 @@ pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T]
 pub const unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a mut [T] {
     // SAFETY: the caller must uphold the safety contract for `from_raw_parts_mut`.
     unsafe {
-        ub_checks::assert_unsafe_precondition!(
+        ub_checks::assert_unsafe_precondition2!(
             check_language_ub,
-            "slice::from_raw_parts_mut requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`",
+            "slice::from_raw_parts_mut requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX` (data:{data:?}, size:{size:?}, align:{align:?}, len:{len:?})",
             (
                 data: *mut () = data as *mut (),
                 size: usize = size_of::<T>(),
diff --git a/library/core/src/ub_checks.rs b/library/core/src/ub_checks.rs
@@ -79,6 +79,55 @@ macro_rules! assert_unsafe_precondition {
 }
 #[unstable(feature = "ub_checks", issue = "none")]
 pub use assert_unsafe_precondition;
+
+/// assert_unsafe_precondition, but full
+#[macro_export]
+#[unstable(feature = "ub_checks", issue = "none")]
+macro_rules! assert_unsafe_precondition2 {
+    ($kind:ident, $message:expr, ($($name:ident:$ty:ty = $arg:expr),*$(,)?) => $e:expr $(,)?) => {
+        {
+            // This check is inlineable, but not by the MIR inliner.
+            // The reason for this is that the MIR inliner is in an exceptionally bad position
+            // to think about whether or not to inline this. In MIR, this call is gated behind `debug_assertions`,
+            // which will codegen to `false` in release builds. Inlining the check would be wasted work in that case and
+            // would be bad for compile times.
+            //
+            // LLVM on the other hand sees the constant branch, so if it's `false`, it can immediately delete it without
+            // inlining the check. If it's `true`, it can inline it and get significantly better performance.
+            #[rustc_no_mir_inline]
+            #[inline]
+            #[rustc_nounwind]
+            #[track_caller]
+            #[rustc_allow_const_fn_unstable(const_eval_select)]
+            const fn precondition_check($($name:$ty),*) {
+                if $e { return; }
+                crate::intrinsics::const_eval_select!(
+                    @capture { $($name: $ty),* }:
+                    if const #[track_caller] {
+                        ::core::panicking::panic_nounwind(
+                            concat!("unsafe precondition(s) violated: ", $message)
+                        );
+                    } else #[track_caller] {
+                        ::core::panicking::panic_nounwind_fmt(
+                            format_args!(
+                                concat!("unsafe precondition(s) violated: ", $message),
+                                $($name=$name),*
+                            ),
+                            false
+                        );
+                    }
+                )
+            }
+
+            if ::core::ub_checks::$kind() {
+                precondition_check($($arg,)*);
+            }
+        }
+    };
+}
+#[unstable(feature = "ub_checks", issue = "none")]
+pub use assert_unsafe_precondition2;
+
 /// Checking library UB is always enabled when UB-checking is done
 /// (and we use a reexport so that there is no unnecessary wrapper function).
 #[unstable(feature = "ub_checks", issue = "none")]
