WIP crater experiment: do not promote const fn calls implicitly ever

[RalfJung]

This is a crater experiment related to rust-lang/rfcs#3027, to determine the fall-out from not promoting const fn calls in static/const items any more.

r? @ghost Cc @rust-lang/wg-const-eval

[RalfJung]

@bors try

[bors]

⌛ Trying commit f9d1498beeebdfce86298cc4dad74b09fc396304 with merge 81275a1445c7502a974118e0c69b795ab60be991...

[rust-log-analyzer]

The job x86_64-gnu-llvm-9 failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

.................................................................................................... 9000/11189
.................................................................................................... 9100/11189
................................................................................i......i............ 9200/11189
.................................................................................................... 9300/11189
...................iiiiii..iiiiii.i................................................................. 9400/11189
.................................................................................................... 9600/11189
.................................................................................................... 9700/11189
.................................................................................................... 9800/11189
.................................................................................................... 9900/11189
---
---- [ui] ui/consts/const-eval/ub-ref.rs stdout ----
diff of stderr:

46    |
47    = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
- error[E0080]: it is undefined behavior to use this value
- error[E0080]: it is undefined behavior to use this value
+ error: encountered dangling pointer in final constant
50   --> $DIR/ub-ref.rs:29:1
51    |
52 LL | const REF_AS_USIZE_BOX_SLICE: Box<[usize]> = unsafe { mem::transmute::<&[usize], _>(&[mem::transmute(&0)]) };

-    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a pointer at .<deref>, but expected plain (non-pointer) bytes
-    |
-    = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
56 
57 error[E0080]: it is undefined behavior to use this value
58   --> $DIR/ub-ref.rs:32:1



The actual stderr differed from the expected stderr.
Actual stderr saved to /checkout/obj/build/x86_64-unknown-linux-gnu/test/ui/consts/const-eval/ub-ref/ub-ref.stderr
To update references, rerun the tests and pass the `--bless` flag
To only update this specific test, also pass `--test-args consts/const-eval/ub-ref.rs`
error: 1 errors occurred comparing output.
status: exit code: 1
status: exit code: 1
command: "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2/bin/rustc" "/checkout/src/test/ui/consts/const-eval/ub-ref.rs" "-Zthreads=1" "--target=x86_64-unknown-linux-gnu" "--error-format" "json" "-Zui-testing" "-Zdeduplicate-diagnostics=no" "-Zemit-future-incompat-report" "--emit" "metadata" "-C" "prefer-dynamic" "--out-dir" "/checkout/obj/build/x86_64-unknown-linux-gnu/test/ui/consts/const-eval/ub-ref" "-A" "unused" "-Crpath" "-O" "-Cdebuginfo=0" "-Zunstable-options" "-Lnative=/checkout/obj/build/x86_64-unknown-linux-gnu/native/rust-test-helpers" "-L" "/checkout/obj/build/x86_64-unknown-linux-gnu/test/ui/consts/const-eval/ub-ref/auxiliary"
------------------------------------------

------------------------------------------
stderr:
stderr:
------------------------------------------
error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:6:1
   |
LL | const UNALIGNED: &u16 = unsafe { mem::transmute(&[0u8; 4]) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered an unaligned reference (required 2 byte alignment but found 1)
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:10:1
   |
   |
LL | const UNALIGNED_BOX: Box<u16> = unsafe { mem::transmute(&[0u8; 4]) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered an unaligned box (required 2 byte alignment but found 1)
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:14:1
   |
   |
LL | const NULL: &u16 = unsafe { mem::transmute(0usize) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a NULL reference
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:17:1
   |
   |
LL | const NULL_BOX: Box<u16> = unsafe { mem::transmute(0usize) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a NULL box
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:23:1
   |
   |
LL | const REF_AS_USIZE: usize = unsafe { mem::transmute(&0) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered pointer to alloc14, but expected initialized plain (non-pointer) bytes
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:26:1
   |
   |
LL | const REF_AS_USIZE_SLICE: &[usize] = &[unsafe { mem::transmute(&0) }];
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a pointer at .<deref>, but expected plain (non-pointer) bytes
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.

error: encountered dangling pointer in final constant
   |
   |
LL | const REF_AS_USIZE_BOX_SLICE: Box<[usize]> = unsafe { mem::transmute::<&[usize], _>(&[mem::transmute(&0)]) };

error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:32:1
   |
   |
LL | const USIZE_AS_REF: &'static u8 = unsafe { mem::transmute(1337usize) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a dangling reference (created from integer)
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
error[E0080]: it is undefined behavior to use this value
  --> /checkout/src/test/ui/consts/const-eval/ub-ref.rs:35:1
   |
   |
LL | const USIZE_AS_BOX: Box<u8> = unsafe { mem::transmute(1337usize) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a dangling box (created from integer)
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
error: aborting due to 9 previous errors

For more information about this error, try `rustc --explain E0080`.


------------------------------------------


---- [ui] ui/consts/rfc-2203-const-array-repeat-exprs/fn-call-in-const.rs stdout ----

error: test compilation failed although it shouldn't!
status: exit code: 1
command: "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2/bin/rustc" "/checkout/src/test/ui/consts/rfc-2203-const-array-repeat-exprs/fn-call-in-const.rs" "-Zthreads=1" "--target=x86_64-unknown-linux-gnu" "--error-format" "json" "-Zui-testing" "-Zdeduplicate-diagnostics=no" "-Zemit-future-incompat-report" "-C" "prefer-dynamic" "-o" "/checkout/obj/build/x86_64-unknown-linux-gnu/test/ui/consts/rfc-2203-const-array-repeat-exprs/fn-call-in-const/a" "-Crpath" "-O" "-Cdebuginfo=0" "-Zunstable-options" "-Lnative=/checkout/obj/build/x86_64-unknown-linux-gnu/native/rust-test-helpers" "-L" "/checkout/obj/build/x86_64-unknown-linux-gnu/test/ui/consts/rfc-2203-const-array-repeat-exprs/fn-call-in-const/auxiliary"
------------------------------------------

------------------------------------------
stderr:
stderr:
------------------------------------------
error[E0277]: the trait bound `Option<Bar>: Copy` is not satisfied
   |
   |
LL | const _: [Option<Bar>; 2] = [type_no_copy(); 2];
   |                             ^^^^^^^^^^^^^^^^^^^ the trait `Copy` is not implemented for `Option<Bar>`
   = help: the following implementations were found:
   = help: the following implementations were found:
             <Option<T> as Copy>
   = note: the `Copy` trait is required because the repeated element will be copied
error: aborting due to previous error

For more information about this error, try `rustc --explain E0277`.

---

Some tests failed in compiletest suite=ui mode=ui host=x86_64-unknown-linux-gnu target=x86_64-unknown-linux-gnu


command did not execute successfully: "/checkout/obj/build/x86_64-unknown-linux-gnu/stage0-tools-bin/compiletest" "--compile-lib-path" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2/lib" "--run-lib-path" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib" "--rustc-path" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2/bin/rustc" "--src-base" "/checkout/src/test/ui" "--build-base" "/checkout/obj/build/x86_64-unknown-linux-gnu/test/ui" "--stage-id" "stage2-x86_64-unknown-linux-gnu" "--suite" "ui" "--mode" "ui" "--target" "x86_64-unknown-linux-gnu" "--host" "x86_64-unknown-linux-gnu" "--llvm-filecheck" "/usr/lib/llvm-9/bin/FileCheck" "--nodejs" "/usr/bin/node" "--host-rustcflags" "-Crpath -O -Cdebuginfo=0 -Zunstable-options  -Lnative=/checkout/obj/build/x86_64-unknown-linux-gnu/native/rust-test-helpers" "--target-rustcflags" "-Crpath -O -Cdebuginfo=0 -Zunstable-options  -Lnative=/checkout/obj/build/x86_64-unknown-linux-gnu/native/rust-test-helpers" "--docck-python" "/usr/bin/python2.7" "--lldb-python" "/usr/bin/python2.7" "--gdb" "/usr/bin/gdb" "--quiet" "--llvm-version" "9.0.0" "--llvm-components" "aarch64 aarch64asmparser aarch64codegen aarch64desc aarch64disassembler aarch64info aarch64utils aggressiveinstcombine all all-targets amdgpu amdgpuasmparser amdgpucodegen amdgpudesc amdgpudisassembler amdgpuinfo amdgpuutils analysis arm armasmparser armcodegen armdesc armdisassembler arminfo armutils asmparser asmprinter avr avrasmparser avrcodegen avrdesc avrdisassembler avrinfo binaryformat bitreader bitstreamreader bitwriter bpf bpfasmparser bpfcodegen bpfdesc bpfdisassembler bpfinfo codegen core coroutines coverage debuginfocodeview debuginfodwarf debuginfogsym debuginfomsf debuginfopdb demangle dlltooldriver engine executionengine fuzzmutate globalisel hexagon hexagonasmparser hexagoncodegen hexagondesc hexagondisassembler hexagoninfo instcombine instrumentation interpreter ipo irreader jitlink lanai lanaiasmparser lanaicodegen lanaidesc lanaidisassembler lanaiinfo libdriver lineeditor linker lto mc mca mcdisassembler mcjit mcparser mips mipsasmparser mipscodegen mipsdesc mipsdisassembler mipsinfo mirparser msp430 msp430asmparser msp430codegen msp430desc msp430disassembler msp430info native nativecodegen nvptx nvptxcodegen nvptxdesc nvptxinfo objcarcopts object objectyaml option orcjit passes perfjitevents powerpc powerpcasmparser powerpccodegen powerpcdesc powerpcdisassembler powerpcinfo profiledata remarks riscv riscvasmparser riscvcodegen riscvdesc riscvdisassembler riscvinfo riscvutils runtimedyld scalaropts selectiondag sparc sparcasmparser sparccodegen sparcdesc sparcdisassembler sparcinfo support symbolize systemz systemzasmparser systemzcodegen systemzdesc systemzdisassembler systemzinfo tablegen target textapi transformutils vectorize webassembly webassemblyasmparser webassemblycodegen webassemblydesc webassemblydisassembler webassemblyinfo windowsmanifest x86 x86asmparser x86codegen x86desc x86disassembler x86info x86utils xcore xcorecodegen xcoredesc xcoredisassembler xcoreinfo xray" "--system-llvm" "--cc" "" "--cxx" "" "--cflags" "" "--adb-path" "adb" "--adb-test-dir" "/data/tmp/work" "--android-cross-path" "" "--color" "always"


failed to run: /checkout/obj/build/bootstrap/debug/bootstrap --stage 2 test --exclude src/tools/tidy
Build completed unsuccessfully in 0:16:56

[bors]

☀️ Try build successful - checks-actions
Build commit: 81275a1445c7502a974118e0c69b795ab60be991 (81275a1445c7502a974118e0c69b795ab60be991)

[RalfJung]

@craterbot check

[craterbot]

👌 Experiment pr-80243 created and queued.
🤖 Automatically detected try build 81275a1445c7502a974118e0c69b795ab60be991
⚠️ Try build based on commit 2ad5292, but latest commit is f9d1498beeebdfce86298cc4dad74b09fc396304. Did you forget to make a new try build?
🔍 You can check out the queue and this experiment's details.

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[craterbot]

🚧 Experiment pr-80243 is now running

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[craterbot]

🚨 Experiment pr-80243 has encountered an error: some threads returned an error
🛠️ If the error is fixed use the retry command.

🆘 Can someone from the infra team check in on this? @rust-lang/infra
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[pietroalbini]

@craterbot retry

[craterbot]

🛠️ Experiment pr-80243 queued again.

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[craterbot]

🚧 Experiment pr-80243 is now running

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[craterbot]

🎉 Experiment pr-80243 is completed!
📊 17 regressed and 6 fixed (136514 total)
📰 Open the full report.

⚠️ If you notice any spurious failure please add them to the blacklist!
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[oli-obk]

5 real regressions, all around some sort of constructor-style const fn

[RalfJung]

Hm, I am counting a bit more than 5:

• on GH
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/gh/parksb.mipssembler/log.txt
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/gh/pop-os.shell-shortcuts/log.txt
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/gh/LiHRaM.zathura-markdown-rs/log.txt (here we actually end up with a dangling ptr in a constant, probably the code casts the lifetime away and so promotion failures doesn't lead to a borrowck failure)
• on crates.io
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/reg/cluConstData-1.3.0/log.txt
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/reg/keyberon-0.1.1/log.txt
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/reg/public-ip-0.1.1/log.txt (this we could probably fix by marking IpAddr/IpV4Addr constructors as promotable)
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/reg/window-0.4.1/log.txt
  • https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/reg/plugin_tls-0.2.3/log.txt -- the actual issue is in abi_stable's derive macro

There's also https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/reg/perfcnt-0.6.0/log.txt which I am unsure about... it's a segfault in a build script, so it sounds unlikely to be caused by this, but I am also not sure why else this would start failing now (but then sometimes things start failing for no clear reason).

[RalfJung]

There's also https://crater-reports.s3.amazonaws.com/pr-80243/try%2381275a1445c7502a974118e0c69b795ab60be991/reg/perfcnt-0.6.0/log.txt which I am unsure about... it's a segfault in a build script, so it sounds unlikely to be caused by this, but I am also not sure why else this would start failing now (but then sometimes things start failing for no clear reason).

I thought some more about this and came to the conclusion that this change cannot cause segfaults. Even if unsafe casts lead to the borrow checker not seeing an issue, the const result interner will notice that there is a dangling pointer and raise a hard error (as it did in a few of the other cases).

[RalfJung]

All right, I went through the 5 crates.

• cluConstData is easily fixed (avoid relying on implicit promotion of const fn calls clucompany/cluConstData#2)
• public-ip and window work without change by marking some functions promotable (and those are infallible so it's fine)
• keyberon is somewhat annoying to fix; they used const fn as shortcuts for some constructor functions and having to spell out the const makes things much more painful. A work-around via macros is possible. See avoid relying on implicit promotion TeXitoi/keyberon#41. Inline const expressions as-implemented should suffice for this.
• abi_stable_crates is by far the hardest to fix -- it has plenty of constants generated by a proc macro, and they depend on generics so making them stand-alone const is not possible. Associated consts would work but are rather painful. See Crate relies on implicit promotion of const fn calls rodrimati1992/abi_stable_crates#46.

So... until const { expr } can depend on generics, this will be rather painful for exactly one crate that crater tests.

[Aaron1011]

public-ip and window work without change by marking some functions promotable (and those are infallible so it's fine)

Is there any plan to eventually stabilize some form of #[rustc_promotable] , or is writingconst { } blocks at the call site good enough?

Also, explicitly marking someIpAddress functions as promotable seems like almost exactly the opposite approach as taken in #71796, where we stopped promoting some Duration functions. Would the promotability of these IpAddress functions become a permament part of the stdlib?

[RalfJung]

Is there any plan to eventually stabilize some form of #[rustc_promotable] , or is writingconst { } blocks at the call site good enough?

Currently, the plan is to rely on const { }. Once that is stable and if it then turns out that there's still demand to make things more ergonomic, we could consider a stable form of #[rustc_promotable] -- now that we know what the condition is ("evaluation must never fail, not even panic"), that is feasible. However, many const fn could likely be made pormotable... so there'd be another wave of churn through the ecosystem similar to "const fn all the things". Not sure if that's worth it.

Also, explicitly marking someIpAddress functions as promotable seems like almost exactly the opposite approach as taken in #71796, where we stopped promoting some Duration functions. Would the promotability of these IpAddress functions become a permament part of the stdlib?

You are right. #71796 was from before we had a plan. If the plan in the RFC works out (if we can truly make all promoteds not fail during evaluation / treat failures as a hard error), then I'd be fine with reverting #71796.

[RalfJung]

There another alternative we could pursue to limit the breakage caused here: if the expression-to-promote post-dominates the start block, i.e. if the expression will definitely be evaluated whenever the const initializer is evaluated, we could promote it and treat failure-to-evaluate-the-promoted as a hard error -- because we know that the const initializer will then definitely also fail to evaluate. This would definitely permit all "old" uses that do not involve any control flow.

@rodrimati1992 would that work for you, or is there control flow in the const code your macro is generating?

It would, however, have two strange effects:

• Adding if ... around a piece of code could make it no longer compile, since inside the conditional we would promote less than outside.
• When the const initializer is of the form let x = fun1(); (x, &fun2()), then if fun1 fails, fun2 would still be evaluated, and if it also fails, two evaluation errors would be shown for a single const initializer. That could be confusing.

From an implementation perspective, this change would mean we could not bug! or delay_span_bug when a promoted fails to evaluate; we'd have to do the regular proper error reporting (and figure out how to make it look good -- Cc #80380).

So, this is not a great solution, but it could be a viable backup plan if we do not want to force people to move to const { }.

[rodrimati1992]

@RalfJung That would be a good solution for abi_stable, it doesn't use any const fn features that weren't in Rust 1.41.0.

[RalfJung]

I think this PR has served its purpose; we now have a better idea of what promoted const fn in const/static initializers are used for.

Let's use the tracking issue #80619 for further discussion.